CHAPTER 1: INTRODUCTION


1A100 Scope 

The NASA/GSFC approved OGO reliability program revised to meet 
the ERTS requirements is presented in this document. The plan covers 
all aspects of reliability for the phase D contract. The plan is written in 
compliance with NPC 250-1 but is structured in accordance with the draft 
copy of the new NASA "Reliability Program Provisions for Space System 
Contractor" NHB 5300.XXX (draft copy May 1969) to incorporate the
requirements for hardware and software associated with the ground data
handling system and other site requirements. A comparison of
NHB 5300.XXX and NPC 250-1 is included in Appendix I.


1A101 Approach 


The reliability program plan was prepared based on the following 
philosophy of management activities to ensure that reliability is a prime 
consideration throughout the life of the project: 

• Establish firm reliability policies and procedures for each 
area and aspect of hardware and software design, develop- 
ment, test, manufacturing, quality control, purchasing, 
material, safety, processes, calibration, and packaging. 

• Define suitable organizations to implement these policies 
and procedures. 

• Provide continuous monitoring of the reliability program. 


With a reliability program of active participation in all phases of 
the project, a solid basis for design evaluation, reporting, improving, 
and documenting the equipment and software reliability is assured. 


In this document no concentrated effort is made to illustrate
a one-to-one correspondence between proven techniques for hardware
reliability assurance and methods which serve similar interests for the
software counterpart. The areas where software interests are most
clearly recognized (design review, recognition of built-in failure
structures and corrective action, and test planning) are indicated, and
elaboration of the specifics of the provisions as applied to software
requirements will be provided as required.

1A102 Relation to Other Contract Requirements


The reliability program plan delineates those specific tasks to be 
performed by reliability personnel. Where the tasks described are
common to two or more participants including reliability as one of the 
participants, the amount of overlap and responsibilities are described. 

In case of conflict between this reliability program plan and the 
ERTS work statement of the contract, the latter will have precedence. 

1A103 Action and Prerogatives of the Government 

Independent assessment contractors assigned to ERTS by 
NASA/GSFC will be given access to all needed ERTS performance assur- 
ance information generated by TRW Systems Group and subcontractors as 
specified or approved by NASA/GSFC. This will include but not be 
limited to: 

1) All performance assurance plans and revisions 

2) Notification, data packages, and minutes of design 
reviews 

3) Participation in design review and failure review board 
activities 

4) Parts and materials lists and revisions 

5) Reliability evaluation program review reports 

6) Specifications 

7) Reliability predictions, math models, failure mode 
effect, and criticality analyses and apportionments 

8) Reliability assessment reports 

9) Failure reports and failure analysis of each reportable 
failure 

10) Lists of suppliers and subcontractors. 

1A104 Reliability Documentation 

The items of reliability documentation to be delivered to NASA/GSFC
are set forth in Table 1.

Table 1. Reliability Documentation

| Documentation | Delivery Schedule | NASA/GSFC Approval/Review/Information |
|---|---|---|
| Reliability Program Plan | 60 days after contract award | Approval |
| Revised Reliability Program Plan | 30 days after NASA requested revisions are received at TRW | Approval |
| Quarterly Reliability Assessment Reports | Quarterly | Review |
| Design Review Notifications (TRW/Subcontractor) | 15 working days prior to each review | Information |
| Design Review Packages (TRW/Subcontractor) | 15 working days prior to each review | Review |
| Design Review Minutes (TRW/Subcontractor) | 5 working days prior to each review | Review |
| Failure Report Notification: spacecraft failures after integration | TWX within 48 hours of failure | Information |
| Failure Report Notification: prior to spacecraft integration | Airmail arrive at GSFC within 5 working days of failure | Information |
| Failure Report Analyses | Airmail arrive at GSFC 5 working days after analysis is completed | Information |
| Failure Review Board Notification | Airmail arrive at GSFC 5 working days prior to meeting | Information |
| Failure Review Board Minutes | Airmail arrive at GSFC 10 working days after each Failure Review Board Meeting | Information |
| Failure Report Summaries | Monthly | Information |
| Reliability Evaluation Plan | As required by contract work statement | Approval |
| Reliability Evaluation Program Review Reports | Major milestones | Approval |
| Parts and Materials Qualification Status Lists | 30 days prior to CDR | Approval |
| Parts, Materials, and Processes Applications Review | 30 days prior to CDR | Review |
| Design Specifications | With CDR data package | Review |
| Parts and Materials Specifications | 30 days prior to CDR | Review |
| Parts and Materials Qualification Test Specifications | 30 days prior to CDR | Review |
| Test Specifications and Procedures | 30 days prior to start acceptance tests | Review |
| List of Suppliers and Subcontractors Selected After Approval of Reliability Program Plan | 30 days after plan approval | Review |
| Reliability Block Diagrams (as updated) | With design review data packages | Information |
| Reliability Prediction Models (as updated) | With design review data packages | Information |
| Failure Mode, Effect, and Criticality Analysis | With design review data packages | Information |
| Maintainability and Elimination of Human Error Reports | With design review data packages | Information |
| Parts and Materials Program Progress Reports | As generated | Information |
| Approved Parts and Materials Lists | 30 days prior to CDR | Information |
| Reliability Assessment Models | With design review data packages | Information |
| Test Reports | 30 days after completion of tests | Information |

1A105 Glossary of Terms


The "Glossary of Terms" defined in Appendix A of NPC 250-1 
applies. 

1A106 Related Documents 

TRW Systems Group documents which relate to the Reliability 
program plan are presented below: 

• ERTS - Maintainability Program Plan 

• ERTS - Quality Program Plan 

• ERTS - Program Plan for Soldering of Electrical Connections 

• ERTS - Failure Reporting Plan 

• ERTS - Test Monitoring and Control Plan 

• ERTS - Configuration Management Plan 

• TRW Systems Group - Reliability Manual (RM)

CHAPTER 2: RELIABILITY PROGRAM MANAGEMENT


1A200 Organization

The reliability organization for the ERTS project follows the general 
TRW Systems Group requirements as defined in the TRW Systems relia- 
bility manual. This organization consists of three basic elements: 

• Project office having management responsibility 

• Functional organizations responsible for supporting each project 

• Company staff activities developing general policies and 
performing auditing functions 

Figure 1 illustrates the relationship between the TRW ERTS project
reliability and the divisional and corporate reliability support.

1A200.1 ERTS Project Office

Under the ERTS project manager, the primary responsibility for 
the supervision of reliability activities and management of the reliability 
program for both spacecraft and GDHS rests with the manager of per- 
formance assurance. The manager of performance assurance is supported 
directly by the reliability departments or staff of the Electronic Systems 
Division (ESD), Space Vehicles Division (SVD), Science and Technology 
Division (STD), and Software and Information System Division (S&ISD), 
and reviewed and audited by the TRW Systems Product Assurance 
Directorate. In each major area, a responsible engineer is assigned to
the ERTS project to ensure adequate support and control functions in these
areas.

1A200.2 Responsibilities
1A200.2.1 ERTS Project Office

The manager of performance assurance is responsible for directing 
the reliability program in a manner which will ensure that the product 
meets the reliability requirements as defined in NASA document S-701-P-3 
and the work statement. His responsibilities include: 

• Assigning specific work elements to the divisional reliability
departments or other organizations in accordance with functional
responsibilities for the equipment being developed

[Figure 1. Project Performance Assurance Support Interfaces]


• Controlling budgets and task allocations 

• Reviewing progress against milestones and budgets 

• Monitoring the performance of reliability and maintainability 
tasks and initiating corrective action with the cognizant level of 
management in the functional divisions, if required. 

• Representing TRW Systems Group, with appropriate support 
from other responsible organizations, in dealing with all 
matters relating to reliability and maintainability on the ERTS 
project 

• Reviewing and approving all official communications to customer
affecting reliability and maintainability

• Participating in negotiations with the customer on contract
commitments, changes, and cost estimates pertaining to
reliability and maintainability

• Developing the reliability and maintainability prediction models 
for the overall ERTS system 

• Responsibility for sponsoring and chairmanship of design 
reviews involving the screening of design features against 
ERTS project requirements 

• Reviewing final selection and control of parts, materials, 
processes, and sources of supply 

• Reviewing and approving subcontractor reliability and maintain- 
ability program plans 

• Development and approval of environmental design and test 
specifications 

• Coordinating, reviewing, and approving all subsystem and 
assembly specifications 

1A200.2.2 Design Engineer

Design departments, with appropriate support from the division
reliability staffs, are responsible for designing equipment to achieve
the established reliability requirements. As applicable, a numerical
reliability apportionment for the equipment is developed. This
requirement is included in the design specification. The responsible engineer
is responsible for:

• Furnishing the required reliability analyses (e.g., failure 
mode, criticality, and worst case analysis) 

• Providing maintenance and human factors analyses if 
required 

• Presenting the above information as part of the total design 
review package. 

1A200.2.3 Fabrication


The organizations doing fabrication are responsible for: 

• Ensuring that the designed reliability of the product is not
degraded by the manufacturing process

• Handling failed hardware in accordance with established
procedures

• Participating in the review of final design drawings prior to 
release to ensure compatibility with manufacturing capability. 



1A200.2.4 Software Testing

The organizations doing software testing are responsible for: 

• Ensuring that proper testing is conducted on the software 

• Documenting problems on the prescribed level 

• Participating in the review of final software prior to test. 

1A200.2.5 Divisional Reliability Departments

The project performance assurance manager assigns the following 
functions to the divisional reliability departments: 




1) Subcontractor control — The divisional reliability departments 
provide reliability liaison with all major subcontractors. 

In addition, they participate in the formulation of contract 
requirements and general surveillance of subcontractor 
reliability performance in design and fabrication. They are 
also included in survey teams engaged in the evaluation of 
suitable suppliers. 

2) Review of design specifications — Environmental design and
test specifications are reviewed by the divisional reliability 
departments. The specifications are reviewed against 
project requirements to ensure adequate environmental 
requirements and reliability considerations. 

3) Estimates and theoretical studies — Reliability estimates are 
provided by the divisional reliability to determine the proba- 
bility of each subsystem meeting mission requirements. 
Periodically, new reliability estimates are performed as a 
basis for evaluating the ability of the equipment to meet 
system reliability requirements, to evaluate design changes, 
and to isolate reliability problem areas. Other theoretical 
studies relative to reliability estimation and statistical 
methods are conducted as required. An approach for soft- 
ware reliability assessment is presented in Appendix D. 

4) Failure mode analyses — The divisional reliability depart- 
ments assist the unit engineer in performing the failure mode, 
effect, and criticality analyses down to the component 
(assembly) level. These analyses determine for each 
possible failure mode the effect on mission performance. 
Review of the analyses is conducted by the divisional
reliability staffs as part of the design review program.

5) Maintainability and human factors analysis — The divisional 
reliability departments support the responsible engineer in 
performing the maintainability analysis and human factors 
analysis required as part of the second and third design 
reviews. They are also responsible for furnishing required 
reliability and related data to be used in this task. 


6) Design review program - The divisional reliability
departments are responsible for documentation of committee
proceedings, scheduling, action follow-up, and reviewing
the design review presentation. In addition, they assist the
design review chairman, a member of the ERTS project
office, in conducting the review.

7) Failure analysis and corrective action — Failure analysis
and corrective action follow-up are conducted by the
divisional reliability departments. These include analysis,
correction, and data feedback on all failures and
malfunctions which occur throughout the fabrication, test, and
operation of the equipment. Laboratory analysis of the
failure is normally performed by the Components and
Materials Departments of the Electronics System Division
or the Material Sciences Department of the Science and
Technology Division under the direction of the appropriate
divisional reliability departments. Detailed analysis of
component and subsystem failures is jointly conducted by
the responsible unit engineer/project engineer, and the
responsible reliability engineer.


8 ) 



ormal activity for 
le code production 
nalysis of compute 


tware development is not initiated in 
1 routine debug phase. Detailed 
rogram failures is jointly conducted 
engineer/project engineer, an appro- 
'f the Information Processing Operations 
>rmation Systems Division, and the 
engineer as required. 


The divisional reliability departments are responsible for 
auditing the Parts, Material, and Processes Program 
specifications and the suppliers from the reliability view- 
point. The departments also establish the failure rate 
estimates for the parts being specified in addition to 
maintaining failure rate histories, disseminating data to 
IDEP, and responding to GSFC "Alerter" bulletins.

9) Reliability test program and evaluation — The divisional
reliability departments participate in the integrated 
reliability test program to maximize the attainment of 
reliability data from developmental, acceptance, qualifica- 
tion, and life tests. The reliability departments are also 
responsible for assisting the manager of performance 
assurance in monitoring the test programs in the prepara- 
tion of environmental test specifications. Based on this 
test program, the reliability departments prepare reliability 
assessments, updated as required.

Specialty Organizations


The following specialty organizations support the performance of
reliability tasks. These specialty organizations are available to the 
design activities for consultation and also act as a control function under 
the direction of the ERTS project office. 


a) Components, Materials, and Processes Departments —
Under the cognizance of the ERTS project office the
Components, Materials, and Processes Departments are
responsible for assisting the Design Department in the
selection and application of all parts and materials used in
electronic subsystems. These departments are responsible
for:


• Assisting in the parts, materials, and processes program,
including standardization, development, specifications,
qualification testing, and application review of parts
and materials for all electronic items to be used in the
system

• Advising the design groups on the best parts and 
materials for their application 

• Conducting a standardization effort to reduce the variety, 
styles, and generic part types to the minimum practical 
number 

• Preparing company specifications to meet mission per- 
formance for those areas where adequate specifications 
are not available 

• Conducting suitable qualification tests to determine 
adequacy of the selected parts and materials in meeting 
system requirements where adequate qualification data 
are not available. 

• IDEP inputs and GSFC "Alerter" investigations

• Preparing and maintaining preferred parts and materials
lists for project office approval

• Conducting detailed application reviews to determine that
parts and materials are being applied properly for the
environment and stress to which they are subjected

b) Material Science Department — The Chemistry and
Materials Laboratories of the Science and Technology
Division are responsible for assisting the design departments
in the selection and application of all materials used for
mechanical, propulsion, or structural subsystems. The
responsibilities of the laboratories are basically the same
as those listed in (a). In addition, the department performs
research and investigations into various materials for
aerospace applications. These studies include the effects of
vacuum, radiation, and high levels of shock and vibration.
The results of these studies are used to improve the
reliability of spacecraft packaging and structures.

c) Quality Assurance (QA) — Quality assurance ensures that the
inherent designed reliability is not degraded during the
fabrication, integration, or testing cycles within the
company's manufacturing operations and that specified reliability
requirements such as parts screening are accomplished. It
is also responsible for ensuring the maintenance of the
required quality level at the vendor's plants. This is
accomplished by means of surveys, evaluations, and surveillance.
In addition, quality assurance is responsible for verifying
that failure reports are prepared and that failed hardware
is disposed of properly.


The quality assurance function is fulfilled within Software and
Information Systems Division — Product Assurance in a manner consistent
with the organizational structure, established responsibilities of the
S&ISD line organization, and optimization of use of available automated
techniques. This function is accomplished primarily by means of
continued surveys of the state of the art in software quality assurance and
design and development of automated tools (Product Assurance Checkout
and Evaluation System) to assist in the quality assurance task throughout
the software development cycle, thus enhancing the reliability of the
completed product.


1A200.2.7 Reliability Assurance (RA)


The prime responsibility of the corporate reliability assurance is 
to develop overall policies and procedures for the conduct of reliability 
programs. In addition, this organization is responsible for: 

• Auditing programs to ensure compliance with the reliability
requirements of the customer

• Performing periodic detailed audits to investigate potential
reliability problem areas

• Continually reviewing reliability practices, policies, and 
procedures to provide for the development of new techniques 
as necessary 

• Implementing suitable training and indoctrination programs to 
ensure that design, manufacturing, and other personnel are 
aware of the latest reliability methods 

• Establishing suitable standard design practices and ensuring 
their utilization to the maximum extent possible 

• Reviewing reliability sections of major proposals and reliability 
program plans 

• Establishing a company-wide failure correction system to 
provide failure analysis, corrective action, and reporting 
continuity from program to program for maximum benefit to all 
programs. 

1A201 Reliability Program Plan

The reliability program plan described herein is the master control
document for the ERTS Phase D Contract. The plan has been developed
in conformance with NPC 250-1, "The Reliability Program Provisions
for Space Contractors," and as amended by the contract work statement.
This plan will be updated periodically as specified in the contract.

1A202 Reliability Program Control

1A202.1 General

The Manager of Performance Assurance has direct responsibility 
for all ERTS reliability activities and for their being conducted through 
to successful completion. 

Each major task within NPC 250-1 will be assigned a cost code, a 
group (identified by names to accomplish the task), and a scheduled date 
for task completion. The manager of performance assurance reviews, on 
a monthly basis, the changes accumulated by task number, the participat- 
ing organization identifying code, and the names of the persons changing. 
A cumulative record of the task effort being expended versus the projected 
task output is maintained to assure completion within the budget and on 
schedule. Variances indicating potential problem areas are resolved with
the responsible organizations.

1A202.2 Reliability Program Evaluations


TRW Systems Group and the cognizant NASA installation will jointly 
conduct reviews of the reliability program, including major subcontractors, 
to assess its progress and effectiveness. Reviews based on particular 
problem areas or required by major redesign can be called by TRW or 
NASA/GSFC as required. The reviews will be documented by TRW Systems 
Group. Proposed revisions to the reliability program plan, within the 
scope of the contract, will be submitted to NASA/GSFC for approval 
within 30 days following the review. 

1A203 Reliability Progress Reporting 

1A203.1 General

Written reliability progress reports will be furnished to NASA/GSFC
in accordance with the requirements of the work statement. Each
report will also include information from each major subcontractor. In
conjunction with the written reliability progress report, joint contractor/
NASA management meetings will be held to discuss pertinent items
requiring clarification or additional information.

1A203.2 Written Progress Reports

The periodic written reliability progress reports will include 
separate sections for significant technical accomplishments and mile- 
stones completed, summary descriptions of each active major task, 
problem areas and status of proposed corrective action, revisions to 
work scheduled and work scheduled for next reporting period, decisions 
and actions affecting reliability tasks and their effect on system reliability, 
and an overall discussion of reliability program status. 

1A203.3 Reliability Program Control Reports

The manager of performance assurance will submit periodic relia- 
bility control reports to the extent specified in the work statement. 

1A204 Reliability Training 

Reliability orientation and indoctrination conducted in both written 
and oral form is a continuing program at TRW Systems Group. Training 
courses for the various activities involved are given by the TRW Systems 
corporate product assurance staff using lectures, slide presentations, 
as well as manuals, charts, and other training aids. Typical courses to
be presented to ERTS personnel include: 


• Soldering to NASA quality requirements 

• Soldering of electrical connectors 

• Module welding 

• Radiographic inspection

• Dye penetrant inspection 

• Ultrasonic inspection 

• Use of software test tools. 


1A205 Subcontractor and Supplier Control
1A205.1 General

Assurance that suppliers and subcontractors of deliverable equip- 
ment will be governed by ERTS quality and reliability requirements is 
provided by a supplier quality and reliability control program. Control 
of contractor procured material is defined in the ERTS quality program 
plan. 

1A205.2 Reliability Program Requirements for Major Subcontractors 


Applicable provisions of NPC 250-1 are imposed on major subcon- 
tractors by the subcontractor reliability requirements document, 
PAR-700-54, presented in Appendix C. 

1A205.3 Resident Representatives

A TRW Systems Group resident technical representative is assigned 
as appropriate to monitor and assist in the direction of reliability pro- 
grams at major subcontractor facilities when critical assemblies are 
involved. 


1A205.4 Reliability Controls for Subcontractors and Suppliers not Classified as Major

All hardware suppliers and process houses not defined as major
are subject to the applicable reliability and quality assurance provisions
of NPC 200-3. In those cases where the requirements of NPC 200-3
may be deleted, the reliability and quality levels are imposed by the
various specifications to which the parts are procured. In conjunction
with the parts, materials, and processes program established in
paragraph 1A308 of this plan, a supplier quality and reliability control program
includes a supplier survey to check the supplier's capability prior to 
award of a contract. The survey is performed by a team of specialists, 
each of whom rates the supplier in his particular field. The supplier's 
reliability capability is evaluated by a reliability staff specialist. Con- 
sideration is given to previous reliability history, use of effective 
reliability methods and procedures, and use of experienced reliability 
engineers. 

After award of a contract to a supplier, continuous surveillance 
of his activities is maintained. During the engineering phase, this is 
done by design reviews in the supplier's facility. During the fabrication/ 
test phase, surveillance is performed by TRW Systems Group quality 
assurance personnel. 

For electronic piece-parts, supplier and parts selection includes 
concurrence by the TRW Systems Group parts specialists. Concurrence 
applies to specific parts and to specific vendors for which sufficient reli- 
ability data history are available to provide confidence. Surveillance 
during fabrication is provided by TRW Systems Group source inspection 
of the supplier's facility. 

1A206 Control of Government Furnished Property

Assemblies that are government furnished property (GFP) will be 
reviewed by reliability personnel to determine compatibility with ERTS 
requirements. Where differences are noted, NASA/GSFC will be notified 
for appropriate action. 

Reliability assessments of GFP will be conducted to the same level 
and schedule as that performed for TRW Systems Group designed 
equipment.

CHAPTER 3: RELIABILITY ENGINEERING


1A300 General

This section describes the basic elements of the reliability
engineering program.

1A301 Design Specifications

1A301.1 Generation and Control

The office of the manager of performance assurance is responsible 
for the generation and maintenance of ERTS design and environmental 
specifications. These specifications are maintained at the observatory, 
system, subsystem, and component assembly level, and cover all items 
of ERTS flight and ground hardware. 


Reliability requirements are delineated in the individual subsystem, 
assembly, and subassembly specifications. These requirements include 
specifying the numerical reliability probability figure which applies 
under stated conditions for a specified period; it is obtained from the 
appropriate budget. The initial subsystem budget is established by the 
manager of performance assurance within the ERTS project office. A 
preliminary reliability assessment of the system to determine the 
quantitative reliability relationships of the various subsystems was 
performed and is included in the ERTS phase D proposal. Based on 
these estimates, an apportionment was made to establish the system 
reliability budget, consistent with the established design goal for the 
system. In a similar manner, the budgets for the various assemblies 
and subassemblies will be established by the responsible subsystem 
and unit engineers, respectively. The establishment of these budgets is 
supported and checked by the appropriate division reliability staff. 






The reliability requirements indicated in this section as being
delineated in the individual subsystem, assembly, and subassembly
specifications, and calling for assignment of numerical reliability
probability figures do not apply to software (i.e., computer program detailed

1A301.2 Updating and Review


Under the cognizance of the manager of performance assurance,
revisions or deviations to the specifications are prepared by the office
of the responsible subprogram manager within his design department 
or laboratory. All specifications issues, revisions, and deviations bear 
the signature approval of such subprogram manager and of the manager 
of performance assurance. All revisions or deviations are subject to 
NASA review. The specification tree of the ERTS project is contained 
in the ERTS configuration management plan. 

1A302 Reliability Prediction and Estimation 

The overall reliability prediction for the ERTS observatory system 
is contained in ERTS technical proposal, Part II, Volume 3. For the
prediction, three equipment status states were required to complete the 
analysis. 

• Flight tested equipment not requiring redesign 

• Flight tested equipment requiring redesign or modification 

• New design equipment 

Included in the predictions are functional block diagrams down to the 
component level or major function level as appropriate to define the 
operation of the equipment. 

Failure rates used in the prediction were selected in the following 
order of precedence: 

• TRW Systems Group approved failure rates

• NASA supplied failure rates 

• Vendor supplied failure rates 

• Other sources 

The reliability predictions for electrical equipment were performed 
using the parts population method. Design furnished part stresses 
(electrical and thermal) were used in the prediction where available. 

For parts where stress data were not available, a nominal 30° ambient
temperature and 25 percent electrical rating were used. Mechanical and
structural equipment were assessed to determine their inherent reliability.

1A303 Failure Mode Effect and Criticality Analyses


Failure mode effect and criticality analyses will be performed to 
the component assembly level or major functional level as appropriate 
to the operation of the equipment. 


In performing the failure mode, effect and criticality analyses 
each potential failure mode will be evaluated (1) as to the probability of 
occurrence, (2) the effect on the probability of mission success, and (3) 
alternate means of negating or minimizing the failure. 

During the phase D contract, the failure mode effect and criticality 
analyses will be continued through the final design reviews to ensure 
elimination of all single failure points from the design. 

1A304 Maintainability of the System and Elimination of Human Induced 
Failure 

During the design of the phase D contract, the reliability pre- 
dictions, failure mode effects, and criticality analyses will be used as a 
basis in the design to develop and define the maintenance concept and 
checkout equipment and procedure for both the observatory and the 
GDHS as defined in the maintainability program plans. Analyses will
be conducted to assure that each failure mode can be detected and 
localized to a repairable item and that the equipment provides safe and 
ready access for such repair. In addition, a review of the human factors 
and man-machine interfaces will be made to assure that the equipment 
can be operated in a safe and reliable manner and that sources of human- 
induced failures are eliminated. Particular emphasis will be placed in 
reducing human induced failures in all areas of hardware and software for 
the GDHS, ground support, mission operations, and launch support. 

A continuing TRW product assurance training program available for
ERTS personnel includes instruction in the improvement of competence
in detailed technical application, the improvement of motivation, training
of supervisors, inspectors, and assemblers, the supplying of current
information on product improvement methods to product assurance
manager and supervisors, the improvement of supervisory skills and
interpersonal skills, and the briefing of newly hired members of the
technical staff in the above areas. The goals of the product assurance
training program are to:

• Improve understanding of total quality effort 

• Identify the individual's role 


• Improve skills

Special concentration will be applied in the early stages of software
design and development to eliminate all possible built-in failure structures,
incorporating techniques which ease the continuing tasks of isolating and
correcting sources of software problems (errors) and validating the
correction. Key features of this approach will emphasize modularity and
functional independence of programmed modules and use of available test
tools (PACE) in the validation process.


1A305 Design Review Program

1A305.1 General


The design review function provides a progressive evaluation of 
design requirements and concepts throughout the design, fabrication, 
development, and operational program. It assures that all significant 
factors affecting function, reliability, and potential reliability degrada- 
tions have been properly considered. It also assures that all possible 
use is made of past experience accumulated in malfunction analyses, 
data retention files, check lists, procedures, specifications, failure 
mode effect, critical analyses, and other similar analyses. In this 
manner the highest possible reliability for flight hardware and for soft- 
ware and highest availability for GDHS hardware is designed into the 
equipment and software. 

The basis for the informal and formal design review activities
required in the software development cycle is to ensure design objectives
which encompass utilization of a modular design approach, re-use where
at all possible of existing proven software, and incorporation of increased
testability through designed-in module independence.

1A305.2 Design Reviews by the Contractor

During phase D, formal design reviews will be held by TRW 
Systems Group on all new designs and all current designed equipment 
for ERTS that require redesign. The procedure for design reviews is 
contained in Appendix 2. The number of design reviews to be conducted 
will depend upon the state of the design at the beginning of phase D. 

Normally there are four check points where it is convenient and 
expeditious to conduct design reviews: 

• As early as possible after basic concepts have been defined 
(conceptual) 

• For electrical and electronic equipment, after circuit design 
and breadboard testing are completed. For mechanical, 
structural, and propulsion equipment, after initial design and 
engineering model testing has been completed (development) 

• After all drawings are compiled (final) 

• Design review for subcontractor and vendor items

Design Review Number 1 (Conceptual)

The preliminary design review number one was performed during 
the study phase. The review will be completed as shown on the master 
project chart for phase D. These two reviews (study phase and phase D) 
will cover the entire system on a subsystem-by-subsystem basis. The 
word subsystem is defined as being major hardware groups of relatable 
operational nature. The purpose of the conceptual review is to determine 
that the contractual and system requirements are clearly defined, that 
the selected design approach is properly justified, that the approach satis- 
fies the requirements, and that any problem areas are identified and tasks 
are assigned to provide immediate solutions. 

This review is held as soon as preliminary design studies have 
established the preferred basic system concept. The preliminary design 
review number one established during the study phase for the spacecraft
and GDHS will be finalized in the first design review of the phase D 
contract. Major factors to be considered in the design review number 
one are: 

• Review of contractual requirements 

• Preliminary subsystem specifications 

• Preliminary unit design data sheets 

• Subsystem block diagram 

• Unit or assembly block diagram (component) 

• Functional description 

• Interface compliance data (requirements of contract and other 
interfacing equipment versus design provisions of form, fit, 
and function) 

• Performance analysis considering electrical, thermal, 
mechanical, and RFI requirements 

• Packaging concept (top assemblies or exploded views to sub- 
assembly levels and estimated weights) 

• Preliminary parts lists 

• Developmental test plans 

• Developmental and factory test equipment requirements

Design Review Number 2 (Research and Development)

This is a subsystem review by equipment unit (component level).
The review verifies the adequacy of finalized designs implemented based
on approvals from phase D design review number one and any modification 
thereto. It establishes the requirements for advance procurements when 
necessary and initial reliability assessments and predictions as well as 
parts, materials requirements, and identifies problem areas and makes 
task assignments for their timely solutions. This review will be held 
as early as practical in the development phase after initial breadboard 
testing. No detailed drawings are prepared until review approval is 
obtained unless specified by the project manager. 

Major factors to be considered in design review number 2 are as 
follows: 

• Review of contractual requirements

• Subsystem specifications 

• Unit design data sheets 

• Subsystem block diagrams 

• Component block diagrams and schematics 

• Functional description 

• Interface compliance data 

• Performance analysis considering electrical, thermal, 
mechanical, and RFI requirements 

• Breadboard and/or engineering model test data 

• Reliability assessments, availability analyses, failure mode, 
effect and criticality analyses 

• Parts lists 

• Materials and processes lists 

• Design selection analyses 

• Preliminary weight and center of gravity data 

• Equipment and procurement specifications 

• Preliminary packaging drawings 

• Preliminary test specifications and/or calibration procedures 

• Developmental and factory test equipment design data

Design Review Number 3


This is a preproduction release review of each unit conducted after 
engineering model evaluation tests. This review verifies that: 

• All design limiting action items from prior reviews have been 
satisfactorily accomplished. 

• The design as finalized meets the currently existent contractual 
and system requirements of form, fit, function (performance, 
environmental survival, interface, weight, reliability, and 
maintainability).

• Good practices of design have been utilized to provide for ease
of manufacture, repair, adjustment, and inspection.

• The design and its related detailed drawings and specifications
are complete and ready for release to manufacturing.

No release to production may be made until all design-limiting 
actions are completed and review approval is given, except where 
specifically waived by the project manager. 

Some of the primary factors to be considered in design review 
number 3 are: 


• Review of any customer requirement changes 

• Equipment specifications (final) 

• Final top assembly drawings and schematics (to module or
drawer level) prepared for release approval

• Maintainability of flight and ground support equipment 

• Maintainability of GDHS equipment 

• Performance analysis (for significantly revised or redesigned 
equipment or subassemblies) 


• Weight and center of gravity data (final) 

• Failure histories (of test articles) 

• Test specifications and calibration procedures (final) 

The critical review number 3 for software provides NASA with an
opportunity to review the preliminary version of the Milestone D software
design. The Milestone D components are reviewed sequentially in a series
of meetings to ensure compliance with Milestone A design requirements,
Milestone B implementation concepts, and Milestone C interface

Design Reviews for Subcontracted Items 


For all major items of equipment designed and supplied by subcontractors
to TRW Systems Group specifications (major subcontractors
are defined as those suppliers that are required to submit and work to
TRW Systems Group approved reliability program plans), design reviews
are held in accordance with the program elements outlined above with
TRW Systems Group personnel in attendance. The specific design review 
requirements for each major subcontractor are detailed in the purchase 
order. 




1A305.3 Sequence of Events


The following sequence of events will apply to each design review 
held at TRW Systems Group and major subcontractors during the phase D 
contract: 

• Design review master schedule issued monthly or as required 
by the project schedules. 

• Division design review schedule issued monthly or as required 
by the project schedule. 

• Meeting notices issued not less than 15 working days in advance 
of each review with formal notification to the procuring NASA 
installation or its designated representative. 

• Design data packages issued 15 working days prior to each 
review with formal transmittal of copy to the procuring NASA 
installation or its designated representative. 

• Design review minutes issued within 5 working days after each 
review meeting and with formal submittal of copy to the procur- 
ing NASA installation or its designated representative. 

• Design review report issued within 30 calendar days after each 
review with formal submittal of copy to the procuring NASA 
installation or its designated representative. 

1A305.4 Engineering Design Changes 

Design changes on individual units after the conclusion of qualifica- 
tion tests or whenever, after the normal release to manufacturing has 
occurred, significant quality, performance, or reliability deficiencies 
are disclosed, or whenever major redesigns are required will be handled 
through the formal TRW Systems Group change evaluation control board 
(CECB) described in Section 5 of the ERTS configuration management 
plan. Any subsequent design reviews required by the CECB will be 
structured following the general guidelines of design review number 3 
described above. 

1A306 Problem/Failure Reporting and Correction

The detailed problem/failure reporting and correction for ERTS
phase D is described in a separate document. This is in conformance
with paragraph 7.11.6.1(f) of the NASA/GSFC design specification
S-701-P-3 where a separate failure reporting plan is acceptable to
NASA/GSFC.

Procedures have been incorporated to extend proven techniques of
malfunction reporting and correction for hardware systems to encompass
the later stages of the development, test, and operational phases of software
preparation. Modification of those techniques provides for processing
of software problem reports, assurance of proper and timely corrective
action (coordinated with the ERTS CECB as required by the divisional
reliability staff representative) and feedback and documentation for use
in subsequent analyses and maintenance of over-all system failure data.

1A307 Standardization of Design Practices 


The standardization of design practices and the ensuring of a 
formalized quick-fix procedure at TRW Systems Group are described in 
the following company standard practices: 


• CSP 9.22 Engineering Data

• CSP 9.16 Management of TRW Controlled Engineering Manuals

• CSP 9.15 Engineering Checking

• CSP 9.14 Issuance and Control of Expedited Engineering Orders

• TRW Systems Programming Handbook

• S&ISD Software Development Manual


These documents define standard practices and associated 
organizational responsibilities relating to the preparation, coordination, 
approval, and maintenance of engineering data. 


It is the direct responsibility of the manager of performance 
assurance to assure compliance with the standard practices listed above 
throughout the ERTS project and further to assure that the controls are 
placed on subcontractors when applicable. 

TRW Systems Group maintains a formal manual system to ensure 
common design, drafting, manufacturing, quality, quality inspection, 
reliability, specification, configuration, maintainability and other 
related disciplines. These manuals are used to the fullest extent possible, 
within the contractual requirements, on each project. 

The ERTS reliability organization will review the contractual 
reliability requirements to determine what changes if any are required 
in the TRW Systems Group manuals to comply with the contractual requirements.
This review will also include major subcontractor manuals.

1A308 Parts and Materials Program 

1A308.1 Introduction

Surveillance of parts, materials, and processes functions will 
constitute one of the major performance assurance activities of the project. 
To fulfill the stringent project reliability requirements, constant 
emphasis must be exerted on the selection, evaluation, testing, and
handling of all critical parts and materials. Careful control must be used 
in the selection, application, and documentation of materials and 
processes. 

The selection, test, evaluation, and specification preparation of 
parts and selection and specification preparation of needed material and 
process specifications will be performed by specialists from the Compo- 
nents, Materials Engineering, and the Materials and Processes Depart- 
ments assigned to the project. 

Selection, test, evaluation, specification preparation, handling of 
parts materials and processes, the preparation of material processes, 
and parts specifications are prime responsibilities of the manager of 
performance assurance. This places in the project office a central 
control on the parts, materials and processes. The following parts and 
materials program delineates the tasks performed on the project for the 
selection, reduction in number of types, specifications, and application 
review of parts, materials, and processes for all items used on the 
project. 

1A308.2 Parts Program

The manager, performance assurance is responsible for the parts 
program, for electromechanical and mechanical parts to support functional 
and packaging design. These responsibilities include selection of parts, 
establishment of preferred parts lists, evaluation of vendors and parts, 
preparation of definitive procurement specifications, analysis of parts 
reliability information, participation in supplier evaluation, supplying of 
parts application information for equipment reliability, and participation 
in design analysis reviews. A parts evaluation laboratory will furnish 
test data on the performance and characteristics of electronic and 
electromechanical parts. Because of the specialized technology involved
in semiconductor evaluation, special attention will be given to this field. 

Parts selection for the project will include representation from the 
various company divisional reliability and quality assurance staffs, 
electrical and mechanical design organizations, Components Department, 
the Material Engineering Department, and Procurement. Typically, the 
proposals for including parts on the list of preferred parts are made by 
the Components Department and the parts proposed are selected on the 
basis of functional need, reliability, mechanical configuration, avail- 
ability, and cost considerations. GSFC PPL-10 will be used as a basis 
for the selection procurement and stocking of all parts. 

Any deviation to the lists of preferred parts for the spacecraft and 
for the GDHS requires the approval of the manager of performance 
assurance. Deviations may reduce cost or delivery time if no reduction 
in reliability or quality results which might degrade the total system 
reliability. Instances will also occur where functional needs cannot be 
achieved with the list of preferred parts. Newly identified parts will be 
procured with existing specifications wherever possible. These speci- 
fications can be TRW Systems Group devices that are not on the list of 
preferred parts, MIL Specifications that are adequate, or individual 
vendor identified parts that are available. Regardless of the route taken, 
all necessary control steps will be exercised to guarantee that the part 
is completely defined with appropriate quality control, reliability, and 
packaging provisions to ensure homogeneous lots. 

If no adequate specification exists for a part that is selected, a 
specification will be written including all factors that are needed to 
achieve high reliability with proper quality control. The specification 
will be provided to prospective vendors for their concurrence prior to its 
release. In this way, assurance is provided that the specification is 
realistic in its method of achieving high reliability. 

Because of the tight control that will be exerted to minimize new 
specifications and because a comprehensive list already exists, few 
items will be in the category of newly identified parts. Thus a concen- 
trated effort will be exerted to do a complete job of defining the part in the 
shortest possible time. 

Eligibility of vendors to furnish material to TRW Systems Group is
established as required by company standard practice 6.16,
"Preprocurement Supplier Surveys," and maintained current as
prescribed in company standard practice 6.19, "Supplier Surveillance and
Performance Evaluation." Emphasis is placed on the product having a
record of proven reliability. Usually, qualification testing is conducted
by the vendor, commercial facility (with certified data) or by TRW Systems
Group. Successful completion of qualification testing and conformance
with the requirements results in an entry in the TRW Systems
Group "Approved Vendor List." Procurement is limited to vendors so
listed. Receiving inspection is conducted in accordance with quality control
requirements set forth in the part specification and amplified by a
quality assurance incoming inspection procedure. Typically the parts
specifications require submittal of certified acceptance test (both 100 percent
and sampling) data for review and feedback through the mechanisms
of CSP 6.19 cited above.

Where feasible each part will be stamped with a date code or other 
suitable designation to trace the lot in case of failure after the part leaves 
the vendor. 

To prevent part degradation by handling and/or storage, special 
handling and storage procedures will be formulated. These will include: 

• Special storage to reduce possible damage 

• Controlled environments for assembly 

• Controlled environments or plastic containers for storage 

• Complete part surveillance throughout the program 

The activities of parts specialists from parts, materials, and
processes engineering will also extend into subcontracts of major equipments
in conformance with TRW Systems Group subcontractor reliability
requirements document PAR-700-54 for flight equipment as shown in
Appendix C and PAR-700-55 for GDHS equipment as shown in Appendix E.
Each major subcontractor will be required to implement a program covering
selection, reduction in number of types, specification, and application
review of parts for all items to be used in the system. A description of
this program will be submitted for TRW Systems Group review. The
subcontractor will be required to identify the organization that has the
responsibility to act as advisor or control point for design group on the
application and selection of parts and to conduct the parts program. A
description of the organization and procedures to be employed in this
activity will be included in subcontractor's program for TRW Systems
Group review. Prior to finalization of the design of each component, each
major subcontractor will conduct a thorough applications review to determine
the applicability of each part in that design to mission profile
requirements, e.g., stress analysis for electronic assemblies. These
reviews must be thoroughly documented and will be considered a check
list item for formal design reviews.

The preferred parts list will be maintained with definitive speci- 
fications and application data defined in a proper manner. This list will 
include all items which must be incorporated due to their identification 
by a subcontractor. The physical entry will occur when it is decided by 
mutual concurrence between TRW Systems Group and the subcontractor 
that the part must be included. 

An electronics, electromechanical parts matrix will be created 
and maintained for the observatory. This matrix will list all electronic, 
electromechanical, and mechanical parts. No attempt will be made to 
indicate quantities used or subassemblies on which these parts will be 
used. The parts list will be compared with GSFC PPL-10 and deviations
will be noted. Parts for the GDHS designed equipment will be selected 
from the following sources and in the order listed: 

• Select from the preferred parts defined in the ERTS GDHS 
parts standard 

• Select from MIL Spec on MIL STD types not identified in 
the ERTS GDHS parts standard 

• Select from high quality commercial suppliers 

Traceability of parts to assemblies and subassemblies is maintained
by the Consolidated Indentured Parts List (CIPL) and the System Parts
Accumulation Index (SPAI). The CIPL is an indentured listing of configured
items to the lowest indenture level of assembly. It includes the applicable
specifications and test procedures as well as the code identification for
purchased parts. The SPAI is an alphanumeric order computer printout
of all parts and applicable specifications and procedures in the system.
It is obtained from the same data used to produce the CIPL.

Parts specialists will participate in the design reviews as members
of the review board. Concurrence with the design will be made by sign- 
off of the drawings and specifications when all conflicting items have been 
resolved. Final resolution will rest with the manager of performance 
assurance. 

Parts and materials failure analysis required for nonconformance 
on higher levels of assembly are described in the failure reporting plan 
written in response to paragraph 7.11.6.1(b) of Specification S-701-P-3.


1A308.3 Materials and Processes Program

The manager of performance assurance is responsible for the ERTS 
materials and processes program. This program includes preparation 
and updating of the approved materials and processes list, and effecting 
controls for the use of all materials and processes. 

The materials and processes specialists will provide materials 
and processes guidance to the project through continuous design consulta- 
tion, research and development of materials, developing process and 
fabrication technology, and writing process and materials specifications. 

The prime source of materials and processes for the project is 
the TRW Systems Group Materials and Processes Engineering Handbook. 
New specifications written for materials and processes not covered in 
the Materials and Processes Engineering Handbook will be controlled by 
the parts, materials, and processes manager who will have the final 
authority on any deviation required. 

A thorough application review of each material and process 
required on the project will be made. Each review will consider the 
conformance of the project requirements to existing TRW Systems Group 
approved specifications. When the need for new materials and processes
is indicated, it will be the responsibility of the parts, materials, and 
processes manager to direct the development and implementation of the 
necessary revisions or new specifications. 

Materials and processes specialists will participate in the design 
reviews as members of the review board. Concurrence with the design 
will be made by sign-off of the drawings and specifications when all 
conflicting items have been resolved. 

When a material or process specification is released, it will be 
reviewed by the manufacturing process section. Some specifications are 
sufficiently definitive so that no additional directions are needed for the 
manufacturing division. Other specifications cannot be used by non- 
technical personnel without additional instructions. If the specification 
needs detailed step-by-step instructions to carry out the process in 
manufacturing, a fabrication process procedure (FPP) is written by the 
manufacturing process section with direction from materials and 
processes specialists. This could be a general document for a particular 
application. These documents are reviewed by the quality assurance 
organization for concurrence prior to being released for use. 

In a similar fashion, all material or process specifications must
be reviewed by the quality assurance organization. This review is to
determine if sufficient instruction is provided for inspection personnel.
It is always necessary to provide workmanship criteria for satisfactory
results from the process and to provide detailed surveillance and
inspection instructions to verify these results.

In this way each process specification is well defined as to the 
engineering requirements that are established, the means of achieving 
these requirements, and the verification that these requirements have 
been achieved. 

CHAPTER 4: TESTING AND RELIABILITY EVALUATION


1A400 General 


For the ERTS project an integrated test program in conjunction with
reliability assessments will be performed throughout the course of the
project beginning with developmental tests and extending through orbital 
operations. The related tasks of environmental testing, test monitoring, 
failure mode, effects analyses, and reliability assurance analyses are 
coordinated and approved by the manager for performance assurance, 
thus permitting the correlation of prediction and test results as well as 
the monitoring of the effectiveness of corrective action. 


All testing conducted where reliability of the product could be 
affected will be evaluated to correlate the test results with reliability 
predictions. Where failures occur and corrective action is required, 
subsequent testing will be evaluated to verify the effectiveness of any 
proposed changes. Thus, a degree of confidence is established that the 
equipment meets the requirements of the mission. Reliability data will 
be derived from the following primary sources: 

• Tests of parts and materials 

• Environmental and functional tests of developmental 
hardware 


• Qualification test data from environmental and functional 
tests of parts, components, subsystems, and systems 

• Acceptance test data from environmental and functional 
tests of components, subsystems, and systems 


• Operational data from integration, prelaunch, launch, and
orbital operations

An exception to the above is that testing of software at all stages
of the project provides an accumulation of test data from which a meaningful
evaluation of software reliability can be made. The ultimate objective
is not correlation of test results with previously generated reliability
predictions, but rather a steadily growing confidence that the accomplished
testing guarantees adequate environmental software operation. The basic
assumption that software reliability increases as the software is used and
failures are identified and corrected is fundamental in the requirement for
test data accumulation and analysis as part of a well planned software
testing activity. A key element of the approach to best fulfill this requirement
is the extensive use of automated, software quality assurance techniques
(PACE) to aid in identification of computer program failure
structures, preparation and maintenance of test data, and analysis of test
results with measures of test plan effectiveness.

1A401 Reliability Evaluation Plan 

The detailed reliability evaluation plan will be submitted in 
accordance with the phase D work statement. 


1A402 Testing

1A402.1 General

The initial task in the environmental test program is the 
establishment of the general environmental test specifications. Exposure 
levels for environmental qualification and acceptance tests are detailed 
in the environmental specifications. These specifications will be reviewed 
by reliability personnel to verify adequacy to meet the stated objectives 
and to recommend changes in the tests to increase the reliability data 
output. 

1A402.2 Qualification Testing

Qualification tests will be performed on prototype components 
assemblies to qualify the design for the intended application. Laboratory 
environmental qualification tests will simulate conditions that are more 
severe than the environments for transportation, handling, storage, 
launch, and flight but do not exceed design safety margins. The qualifica- 
tion test articles are representative of the flight hardware. 

Particular emphasis will be placed in searching the design for 
deficiencies and in keeping accurate test records, failure and rejection 
reports, and engineering data. Fabrication, design, and quality per- 
sonnel will be informed of design deficiencies as they are revealed to 
solicit their recommendations. Interface problems between assemblies 
of a subsystem will be evaluated. 

All parts, devices, and materials for use on new builds for ERTS
are qualified by testing or by documented similarity. The detailed parts
and materials lists for use on ERTS are furnished as a section in the
ERTS phase D proposal in response to paragraph 7.11.4 of NASA/GSFC
Specification S-701-P-3.

A significant task which must be performed through the combined
efforts of the responsible unit/engineer/project engineer and the responsi-
ble reliability engineer is the identification of highly critical elements of 
the GDHS software. This is followed by a determination of cost effective 
testing techniques which ensure maximum confidence in the ability of the 
identified critical components to meet specified requirements. Appro- 
priate measures dependent on the nature of criticality of items identified 
will be implemented and data supplied as necessary for performance of 
failure mode, effect, and criticality analyses. Valuable assistance will be 
provided in accomplishment of this task through use of software quality 
assurance test tools as appropriate. Specific features which will be help- 
ful in this regard include automated identification of portions of computer 
programs which are either used a great deal or never exercised by the 
test plan, and subsequent assistance in generation of supplementary test 
data as well as intermediate reports which indicate the summary effective- 
ness of testing thus far accomplished with an identification of potential 
problem areas. 

Component assembly qualification testing will be performed on the 
prototype model of each unit in the ERTS spacecraft. The requirements 
of each component will simulate conditions more severe than the component 
will endure in operation. 

1A402.3 Test Specification, Procedures and Reports

The details of the test specifications, procedures, and reports 
required for ERTS are described in the ERTS configuration management 
plan. 

1A402.4 Life Testing and Reliability Demonstration

No formal life tests or reliability demonstration tests at the com-
ponent and higher levels of assembly are anticipated for the ERTS
contract. Data evolving from prototype, qualification, acceptance, and
flight will be analyzed to measure system reliability.

1A403 Reliability Assessment 

TRW Systems Group will update the reliability predictions described 
in paragraph 1A302 above during major milestones in the phase D program. 
The revised assessments will factor in the results of applicable tests, 
additional mathematical analyses, and additional engineering analyses 
performed subsequent to the initial prediction. The revised assessments 
will reflect all applicable design changes and refinements subsequent to 
the previous assessment. 

1A404 Reliability Evaluation Program Reviews 

At major milestones specified in the work statement, joint NASA/
TRW Systems Group reviews will be held to assess the ERTS reliability
evaluation program. For each review, the test results and resulting
updated reliability assessments will be critically examined. The results
of each review will be documented and submitted to NASA/GSFC for
approval.

APPENDIX A


COMPARISON OF NHB 5300.XXX AND NPC 250-1


NHB 5300.XXX    NPC 250-1
(May 1969)      (July 1963)    Subject

Reliability Program Management (NPC 250-1: Program Management)

1A200           2.1            Organization
1A201           2.2            Reliability Program Plan
1A201           —              (2) Separate Site Plan
1A202           2.4            Reliability Program Control
1A202           —              (2) Reliability Program Audits
1A203           2.3            Reliability Progress Reporting
1A204           2.5            Reliability Training
1A205           2.6            Subcontractor and Supplier Control
1A206           2.7            Control of Government Furnished Property

Reliability Engineering (NPC 250-1: Reliability Engineering)

1A300           3.1            General
1A301           3.2            Design Specifications
1A302           3.3            Reliability Prediction and Estimating
1A302           —              (2) Functional Block Diagrams
1A303           3.4            Failure Mode and Contingency Analyses
1A304           3.5            Maintainability and Elimination of Human Induced Failure
1A305           3.6            Design Review Program
1A306           3.7            Problem Occurrence Reporting, Correction, and Recurrence Prevention
1A306           —              (1) (a) (b) (c) (d) (e) (f) (g) (h) Attributes of the Activity
1A306           —              (2) (a) (b) Information to be submitted
1A307           3.8            Standardization of Design Practices
1A308           3.9            Parts and Materials Program

Testing and Reliability Evaluation (NPC 250-1: Testing and Reliability Evaluation)

1A400           4.1            General
1A401           4.2            Reliability Evaluation Program
1A402           4.3            Testing
1A402           —              (3) (a) (b) (c) (d) Qualification Testing
1A402           —              (4) Test Specification Procedures and Reports
1A402           4.3.4          (5) Life Testing and Reliability Demonstration
1A403           4.4            Reliability Assessment
1A404           4.5            Reliability Evaluation Program Reviews

NPC 250-1, 3.10: Covered in NHB 5300.4(1B), para 1B706

APPENDIX B

DESIGN REVIEW, GENERAL PROCEDURE


1. PURPOSE

This general procedure provides design review practices and
methods applicable to the assurance of designs characteristic of product
lines. General methods are outlined to assure that design reviews meet
the primary objectives of TRW Systems Group as prescribed in standard
practices. Definitions are given for the essential administrative and
technical phases of design review procedures. Standards for minimum
technical participation in design reviews are established for development
projects characteristic of product lines.

2. APPLICABLE DOCUMENTS

All of the following company and Government documents are
applicable to the definition and description of design reviews as established
in this general procedure. Specific methods provided herein are directed
toward satisfying the reliability program requirements for design review
(given in documents a and b).

a. TRW Systems Group, Reliability Manual RMS-5
(Design Review)

b. NASA, NPC 250-1, Reliability Program Provisions
for Space Systems Contractors

c. NASA, NHB 5300.4(1B), Quality Program Provisions
for Aeronautical and Space Systems Contractors

3. DEFINITIONS

3.1 DESIGN REVIEW

A procedure for the timely reexamination of the details of a design
(disclosed in the form of prescribed engineering data) by experienced
technical specialists who have not themselves contributed directly to the
documented design decisions. Design reviews will achieve this primary
purpose as well as secondary purposes of (1) project status reporting and
(2) intra-project communications.

3.2 DESIGN REVIEW CYCLE

The set of sequential events which provide for (1) an orderly
consolidation of engineering data for design disclosure, (2) study of this
data by impartial specialists, (3) recording of recommended corrective
measures, and (4) the assignment (and follow-up) of action items where
warranted. The establishment of pertinent design-change
recommendations is the principal purpose of assigning action items within a design
review meeting.

3.3 DESIGN REVIEW MEETING

A formalized technical conference (providing for a chairman,
secretary, and meeting minutes) for the purpose of recording design
corrective measures recommended by the impartial specialists who have
previously studied the disclosed engineering data. Design review meetings
will minimize the utilization of time for restating information already
contained in the disclosed engineering data.

3.4 DESIGN REVIEW DATA PACKAGE

The accumulated engineering data (which conforms to minimum
project requirements on its technical content and format) is intended for
careful study by the assigned technical specialists prior to a design
review meeting.

3.5 DESIGN REVIEW COMMITTEE

The appointed group of independent specialists whose recommended
corrective measures are recorded during a design review meeting and
entered into the minutes.

3.6 PRESENTING ENGINEER

The engineer who acts as spokesman for the design (represented
by the design review data package) and who is prepared to state the
reasons for the selected design configuration and its detailed
characteristics.

3.7 DESIGN REVIEW NUMBER

A designation of the time phase of a given design review cycle with
respect to the evolution of any product design. Thus, there will be a
first, second, and third design review for any given product design.

3.7.1 Conceptual Design Review

The first (number 1) in a series of design reviews, conducted to
verify the validity of the design concept in relation to established system
constraints and criteria.

3.7.2 Development Design Review

The second (number 2) in a series of design reviews, conducted
to verify the validity of internal technical features of the design as
disclosed by engineering studies and technical data.

3.7.3 Preproduction Design Review

The third (number 3) in a series of design reviews, conducted to
verify the completeness and accuracy of engineering data (drawings,
specifications, etc.) to be released to manufacturing.

3.7.4 Contingent Design Reviews

Any design review conducted after design review number 3 and
normally provided to (1) reassess design status after later testing phases,
(2) evaluate the effects of significant design modifications, or (3) consider
the suitability of a completed design for a new application.

3.8 FORMAL DESIGN REVIEWS

A designation of the staging of design review meetings usually
prescribed by customer requirements and often entailing attendance by
customer representatives.

3.9 SUBCONTRACTOR DESIGN REVIEW

A design review meeting conducted with the subcontractor normally
assuming the data package and presenting engineer responsibilities and
TRW Systems Group providing an attending customer representative.

3.10 DESIGN REVIEW INSTIGATOR

The responsible TRW project or functional manager who authorizes
the conduct of a design review procedure and provides appropriate
funding and schedule controls.

4. DESIGN REVIEW RESPONSIBILITIES

4.1 PARTICIPANTS

The responsible participants and their assigned functions for any
design review cycle are as outlined in Table 1. The responsibilities
of the instigator and the design review staff are sustained throughout the
complete implementation of design review cycles for each equipment
and thereby provide continuity to the design review procedure. The
committee chairman, technical secretary, responsible engineer,
presenting engineer, and committee members are appointed in accordance
with Table 1 for a limited tenure as required to complete each of the
required design review cycles.

4.2 INSTIGATORS

a. In the performance of internal design review functions,
the instigator will be the product line manager (at
laboratory level or above) responsible for the
equipment involved.

b. In formal design reviews, the instigator will be the
corresponding project manager.

4.3 DESIGN REVIEW PLANNING

The instigator of design reviews will plan for and control fiscal
budgets in accordance with all design review requirements. Three
design review cycles (conceptual, development, and preproduction)
will be provided for each equipment as a matter of standard policy.

When conceptual design reviews are of sufficient technical depth to
cover the conceptual factors of all included elements, repeated reviews
at lower configuration levels will not be scheduled.

Table 1. Responsibilities of Participants for Internal Design Reviews

Each responsible participant is listed with the corresponding design review functions.

Instigator: Product Line Manager (Laboratory or above)

1. Authorization and funding of specific design review actions

2. Establishes design review master schedules and periodic updating

3. Designates responsible engineer who has cognizance for the design
to be submitted to design reviews

4. Appoints committee chairman for each design review meeting

5. Appoints to the design review committee senior design specialists
(i.e., with technical stature equivalent to that of the responsible
engineer and/or presenting engineer)

6. Approves disposition (i.e., acceptance or justified rejection) by the
responsible engineer of each recorded recommendation of the design
review committee

Committee Chairman

1. Presides over specific design review meeting(s) for which he is
appointed

2. Directs the transmittal of specific recommendations from the design
review committee to the responsible engineer

3. Directs the responsible engineer to implement design corrections
before a prescribed time interval

4. Directs the recording of action items in the course of design review
meetings and assigns appropriate project funds and completion
schedules

Member, Design Review Staff (Technical Secretary)

1. Provides a general procedure as a planning guide for design reviews

2. Prepares specific design review procedures as requested by the
instigator

3. Provides means to account for all design review administrative
controls in behalf of the committee chairman

4. Appoints participating committee members (other than the senior
design specialists appointed by the instigator) in cooperation with
the committee chairman and the instigator

5. Instructs the responsible engineer on the data package requirements
as prescribed in the applicable design review procedure

6. Provides the technical secretary to perform the following functions in
support of design review meetings:

(a) Instruct the chairman, committee members, and other participants
on the prescribed proceedings established in the applicable design
review procedure

(b) Take the minutes of design review meetings, including design change
recommendations and those action items which the chairman
directs will be entered into the minutes

(c) Document technical findings in the form of Agreements and
cautionary comments in the form of Alerts into the minutes of
design review meeting as found necessary

(d) Prepare and issue action item summaries and meeting minutes

Responsible Engineer

1. Directs and controls preparation of the design review data package
in accordance with established procedure and schedule for the design
review

2. Provides for reproduction and distribution of the data package to all
members of the design review committee, its chairman, and technical
secretary

3. Appoints the presenting engineer for each design review meeting

4. Makes disposition of all design recommendations made by the design
review committee and placed into the minutes by the chairman

Presenting Engineer

1. Makes oral briefings on the disclosed design in behalf of the
responsible engineer

2. Answers technical inquiries made by the members of the committee in
both the course of data package analysis and design review meetings

3. Participates in technical interchange at design review meetings and
implementation of action items as assigned by the committee chairman

Committee Members

1. Provide data package analysis and attend design review meetings as
specialists in their technical areas in conformance with the established
schedule for a design review

2. Complete data package analysis prior to the design review meeting
and communicate with presenting engineer to clarify technical issues
pursuant to data package analysis

3. Provide in writing design recommendations based upon areas of
technical specialty and present these proposals to the committee
chairman at the time of the design review meeting

4. Participate in technical interchange at design review meetings and
implementation of action items as assigned by the committee chairman

4.4 FORMATION OF DESIGN REVIEW COMMITTEES

Design review committees will be formed to assure the scope of
technical specialty prescribed by this design review general procedure
in Table 2. This table prescribes the affiliation of each participant, by
whom he is designated, and which design review number he is required to
attend.

5. DESIGN REVIEW PROCEDURE

5.1 PRINCIPAL FACTORS

There are two related functions established and controlled by this
general procedure: (1) the engineering tasks necessary to complete a
design review cycle and (2) the arrangements and recording tasks
necessary to control design review cycles. Figure A2-1 shows these factors
for a representative design review cycle.

[Figure panel: Design Review Engineering Tasks]

Figure B-1. Basic Engineering Tasks and Arrangements/Records
for Design Review Cycles

5.2 ENGINEERING TASKS

5.2.1 Preparation of Project Design Review Procedure

The cognizant design review instigator will direct the design review
staff to prepare individual design review procedures when required to
augment this general procedure.

Table 2. Participants in Design Review Meetings

Entries are grouped by assigned responsibility. Under "Required for Design Review", X marks a required review and - marks a review not marked.

Participation Specialty                           Affiliation                                 Designated By               Required for Design Review
                                                                                                                          #1  #2  #3

Assigned Responsibility: Presenting Engineer(s)

Spokesman for design disclosed in data package:
  Electrical circuitry                            Unit engineer from Product Line Laboratory  Responsible engineer from   X   X   X
  Mechanical design                                                                           Product Line Laboratory
  Electronic packaging                            Product engineer

Assigned Responsibility: Design Review Committee

Meeting chairman:
  Instigated by division                          Product Line Laboratory                     Instigator                  X   X   X
  Instigated by other division                    Project office
Senior design specialist(s) (one or two with      Outside of responsible Design Department    Instigator                  X   X   X
  stature equivalent to responsible engineer
  or presenting engineer)
Member, design review staff                                                                                               X   X   X
Reliability analysis                              Product Integrity Laboratory                                            X   X   X
Electronic components (parts)                                                                 Design Review Staff         -   X   X
Materials and processes                                                                                                   -   X   X
Quality assurance                                                                                                         -   -   X
Manufacturing                                     Hardware operations                                                     -   -   X
Value engineering                                 TRW Systems Product Assurance                                           -   -   X

Assigned Responsibility: Special Attendees ("On-Call" Committee)

Interfacing equipment                             TRW departments maintaining specialty       Design Review Chairman      As designated in design
Mass properties                                   responsibility                                                          review meeting notices
Thermal design
Magnetic properties
Support engineering
Other specialties

The design review staff member may serve as the technical secretary at design review meetings and functions as a committee member. He
reviews data packages and serves as participating specialist in the matters of:

1. Conformance with stated company and division policies on design review

2. Interchange of design review experience (from other projects) by recognition of repetitive design-correction requirements

3. Assurance of combined effectiveness of product integrity support in parts, materials-processes, and reliability

4. Conformance with requirements of TRW functional manuals for design-disclosure information (specifications, drawings,
analyses, test data, etc.)



5.2.2 Data Package Preparation

Data package requirements will conform to the minimum content
shown (for each numbered design review and hardware subdivision) in
Table 3.

5.2.3 Data Package Analysis

Analysis of the design data given in the data package is the primary
responsibility of the assigned committee members.

5.2.3.1 Design Change Recommendations

Written recommendations for design change will be prepared by
members of the design review committee during the course of data
package analysis and brought to the design review meeting. In the event
that a committee member submits no change recommendations to the
chairman during the design review meeting, the minutes will document
his approval of the design as represented by the design review data
package.

5.2.4 Design Review Meetings

Requirements for the specific responsibilities of the chairman,
technical secretary, presenting engineer, and the design review
committee in their participation in design review meetings are as outlined
in Table 1. Meetings will be scheduled for a period sufficient to cover
the planned agenda but preferably not longer than one (1) day per design
review cycle.

5.2.5 Action Item Implementation

Design review cycles will be considered completed only when
assigned action items have been completed by those to whom they are
assigned and reported in accordance with paragraph 5.3.4. Action item
identification and assignment will be provided by the chairman of each
design review meeting. Design review action items will be controlled
as critical design requirements.

5.2.6 Committee Approval Status

Approval of the design represented by the distributed data package
is contingent upon satisfactory completion of all assigned action items

Table 3. Design Review Data Package Requirements

X - Preliminary
Y - Updated
Z - Final

Hardware Subdivision: System, Subsystem, Major Component

      Technical Information                                 Design Review Cycle Number
      (as normally provided in the course of                #1   #2   #3
      equipment design)

1     Table of Contents for Data Package

2     Requirements versus Capabilities
2.1   Operational Mission                                   Z    -    -
2.2   Mission Reliability and Apportionments                X    Y    Z
2.3   Functional Modes and Characteristics                  X    Y    Z
2.4   Physical Characteristics (size, weight, c.g., etc.)   X    Y    Z
2.5   Use of Resources (Power, Expendable Gas, etc.)        X    Y    Z
2.6   Environmental Extremes                                X    Y    Z

3     Design Disclosure Data
3.1   Functional Flow (Block) Diagrams                      X    Y    Z
3.2   Equipment Specifications                              X    Z    -
3.3   Test Specifications                                   -    X    Z
3.4   Fail-Safe and Redundancy Provisions                   -    X    Z
3.5   Assessed Reliability (Compared to Apportionment)      -    X    Z
3.6   Drawings, Structural and Packaging                    -    X    Z
3.7   Drawings, Schematics                                  -    X    Z
3.8   Measurements Data                                     -    X    Z
3.9   Parts, Materials and Processes Lists                  -    X    Z
3.10  Qualification Test Data                               -    -    X

4     Design Rationale
4.1   Trade-Off Analyses                                    X    Y    -
4.2   Description of Alternate Designs                      -    X    Y
4.3   Interface Compatibility Analyses                      -    X    /
4.4   Tolerance Accumulation Analyses                       -    X    Z
4.5   Use of Preferred Parts, Materials and Processes       -    X    Z

The data package for each design review should contain a matrix chart showing requirements versus capability for all essential
design characteristics. This chart should summarize the specification requirements for each design characteristic along with the
current assessment of proved capabilities as demonstrated by test data or analytical computations. Each deficiency or indicated
deficiency should be indicated on the matrix chart.



and compliance with alerts and agreements entered into the minutes by
the design review committee through the chairman.

5.3 ARRANGEMENTS AND RECORDS

In support of each design review cycle, appropriate arrangements
will be made and records kept by the design review staff (including the
meeting technical secretary) to assure efficient participation of personnel
and documented progress records. These records will take the form of
design review correspondence in the following areas:

5.3.1 Meeting Notices

Based upon a master schedule of design reviews, established by the
cognizant instigator, individual meeting notices will be prepared and
distributed in conjunction with the distribution of the prescribed data
packages to scheduled participants.

The meeting notices will designate the responsible meeting
chairman, technical secretary, presenting engineer, and committee members
as well as any special attendees. An agenda will be distributed with the
meeting notices. This agenda will outline the technical topics to be
covered and their order of consideration. The responsibilities of
committee members will be briefly restated in the meeting notice.

5.3.2 Action Item Summary

As soon as practicable after the adjournment of a design review
meeting, a summary of action items recorded at the meeting will be
distributed to all participants. The action item summary will show the
precise action required, the name of the person assigned the task
responsibility, and a scheduled requirement date.

5.3.3 Meeting Minutes

As soon as practicable after the adjournment of a design review
meeting, minutes of the design review meeting will be distributed. In
addition to assigned action items, the minutes will give a brief abstract
of all firm committee recommendations during the technical proceedings.
These will include technical clarifications in the form of "Agreements"
and cautionary comments or "Alerts".

5.3.4 Action Item Responses

Responses to action items will be made in writing by those to whom
they were assigned. They will be addressed to the chairman and the
ESD Design Review Staff and maintained by the design review staff as
an integral part of the official record of the corresponding design review
cycle.

5.3.5 Action Item Status Reports

The status of action item responses will be periodically
summarized by the design review staff to note items which are late in accordance
with the scheduled requirements given in paragraph 5.4. These reports
will be prepared periodically and addressed to the chairman and instigator.

5.4 SCHEDULES

The specific calendar schedules for project design review meetings
will be placed on the product line master schedule and adjusted to assure
practical compliance with the following time-interval requirements:

5.4.1 Minimum time scheduled for study of data package
by committee members: 5 working days

5.4.2 Maximum time duration for preparation and
issuance of action item summaries: 5 working days

5.4.3 Maximum time duration for preparation and
issuance of meeting minutes: 10 working days

5.4.4 Maximum time duration for response to all
assigned action items: 20 working days

6. TECHNICAL APPLICABILITY

6.1 PRINCIPAL PROJECT APPLICATIONS

This general procedure on design review is applicable to either
hardware or software items. Numbered design review cycles will be
applied to software designs where effective.

6.2 HARDWARE SUBDIVISIONS

Design review cycles will be scheduled for each major hardware
subdivision of any system or subsystem. Design review cycles will also
be scheduled for meaningful groups of these system subdivisions to assure
effective design integration.

6.2.1 System and Subsystem

Conceptual design reviews will be scheduled to validate the design
at the highest level of assembly (viz., subsystem or system) for which
Electronic Systems Division has design responsibility. Emphasis is
placed upon the review of trade-off analyses and configuration decisions
as based upon system level criteria and requirements. System (or
subsystem) level conceptual design review cycles will incorporate the
conceptual analysis and review of the major components contained therein.

6.2.2 Major Components

Development design reviews will be scheduled at intermediate
design phases for each major component and at higher hardware levels
when necessary to assure effective component integration. Technical
emphasis is placed upon the review of design trade-off of intra-component
requirements and the study of design verification by laboratory testing.

6.2.3 Lower Assembly Levels

Pre-production design reviews will be scheduled for each major
component at the phase of development just prior to the release of final
engineering drawings to Engineering Data Management and will
incorporate detailed review of their lower assembly levels. Emphasis will be
placed upon the completeness and accuracy of the design-release data and
upon the assurance of manufacturing-phase planning and efficiency.

6.3 FUNCTIONAL SUBDIVISIONS

Within hardware subdivisions, separate design review cycles or
designated portions of design review meetings can be devoted to
meaningful functional subdivisions. For designs, these functional subdivisions will,
in general, be restricted to (1) electrical circuit functions and (2) physical
packaging functions. The scheduling of separate design review cycles or
meetings for many functional subdivisions will be avoided to assure
control of design review costs.

6.4 CONTINGENT DESIGN REVIEWS

Where necessary, contingent design reviews will be planned and
scheduled for hardware or functional subdivisions and will entail the
same steps of design review procedure prescribed in paragraph 5.
Such reviews must be initiated and funded by the instigator of this
general procedure.

6.5 SUBCONTRACTOR DESIGN REVIEWS

Design reviews for subcontracted design items will be planned,
scheduled, and coordinated by means of the procedural controls of
paragraph 5, insofar as the subcontract provides. The technical findings
from subcontractor design review cycles will be addressed to the design
review staff for correlation with the design review results from the
next higher level of assembly. Product evaluation summary reports
prepared by the design review staff will include all technical and status
data obtained from subcontractor design review activities for the
corresponding development project.

7. AUTHORIZATIONS

The required design review documentation with corresponding
authorizations are given in Table 4.

1.0 SCOPE

1.1 Objectives

The reliability disciplines contained within this plan are generated to
be consistent with the requirements of NPC 250-1. These disciplines
are applicable to all deliverable product end items of the ERTS Project
as specified in the product specification. The subcontractor is
required to plan and implement a reliability program as an integral
part of the design, development and production cycle.

1.2 Application

This document is applicable to the extent specified in the Statement
of Work.

2.0 REFERENCED DOCUMENTS

NPC 250-1        Reliability Program Provisions for Space System
                 Contractors

MIL-HDBK-217A    Reliability Stress and Failure Rate Data for Electronic
                 Equipment

GSFC Preferred Parts List PPL-10

3.0 GENERAL REQUIREMENTS

3.1 Reliability Program

The subcontractor shall submit a preliminary reliability plan with his
proposal and an updated plan in accordance with the requirements of the
statement of work. The subcontractor's reliability plan must be
approved by TRW Systems. In the case of conflict between the
subcontractor's reliability plan and the requirements of this document,
PAR-700-54 shall prevail.
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3 2 Reliability Requirements 

The quantitative reliability requirements and demonstration of these 
requirements shall be as specified in the equipment specification 


DETAILED REQUIREMENTS 


The subcontractor's reliability Plan shall acknowledge and indicate his met! 
of complying with the following detailed elements These elements are con- 
sidered necessary to ensure the effective management and implementation of 1 
overall reliability program 


4.1 Reliability Organization

The reliability plan shall identify the organization and the key
personnel responsible for implementing the overall reliability program.

4.2 Reliability Analysis and Prediction

The reliability plan shall indicate the procedures to be followed in
analyzing product reliability. Detailed requirements for reliability
analysis are as follows:

4.2.1 Reliability Prediction

The reliability prediction shall include (1) a brief description
of operation of the product, (2) a reliability mathematical
model, (3) a reliability block diagram, (4) a schematic diagram,
(5) a temperature and electrical stress analysis (4.3.6.2)
for each electronic part (to be used for adjusting the
generic failure rates given in Appendix A) and (6) a prediction
based on an orbital mission time of one year in orbit minimum
and adjusted for the duty cycle of the equipment. Reliability
predictions shall be performed using methods approved by TRW
Systems. Basic electronic part failure rates listed in
Appendix A shall be adjusted for actual use conditions in
accordance with methods indicated in MIL-HDBK-217A. Failure
rates of items not listed shall be submitted to TRW Systems
for approval.

4.2.2 Failure Mode and Effects Analysis

The subcontractor shall perform and document Analyses of Failure
Modes and Effects (FMEA) at the component level. The analyses
shall determine the possible modes of failure and their causes
whereby the subcontractor's end-item could fail to perform its
intended functions or meet failsafe requirements as defined by
the product specification.

4.3 Part Selection and Control

The subcontractor shall implement a program for part selection and
control commensurate with the equipment reliability and functional life
requirements. Each part shall be controlled by a detailed specification
which provides for compliance with the requirements listed below.
Copies of typical part specifications for each part type (transistors,
ceramic capacitors, metal film resistors, etc.) shall be provided to
TRW Systems for review and approval.

The parts program shall provide for the following:

4.3.1 Part Selection

The subcontractor shall utilize in his deliverable equipment
only parts with proven use and reliability histories for
similar applications. For flight equipment, parts should be
selected in accordance with the following order of preference:

ERMIL Established Reliability Military Specifications

JAN-TX Specifications for Semiconductor Devices

TRW or subcontractor high reliability specifications and
standards

The subcontractor may use the TRW Systems document M260618,
titled "Approved Parts List, Earth Resources Technology
Satellite," as a guide. This document will be made available
to the subcontractor upon request.

For the purpose of this document, for flight equipment, the
above high reliability parts are defined as standard and all
other electronic parts are defined as being non-standard.
Whenever the subcontractor elects to use a non-standard
electronic part, he shall present to TRW Systems for approval his
justification, the procurement specification, and other control/
screening documents applicable.

The selection and screening requirements for non-standard flight
equipment parts shall be equivalent to those for the standard
parts and in no event shall be less stringent than the
requirements of Goddard Space Flight Center Preferred Parts List, PPL-10.
TRW Systems approval will be required to utilize supplier high
reliability programs.

For ground equipment, the selection and application of parts
shall, as a minimum, meet the applicable requirements of the
GSFC Preferred Parts List, PPL-10.

4.3.2 Non-Standard Parts Screening

All non-standard electronic parts used in the equipment delivered
to TRW Systems must be subjected to a sequence of 100% (i.e., each
part) screening tests as shown in Appendix B. For electronic parts
not listed in Appendix B, TRW Systems' approval must be obtained
prior to use.

4.3.3 Part Traceability

The subcontractor shall comply with traceability requirements
for all parts used within the deliverable equipment. Traceability
from a deliverable unit to a manufacturer's part processing lot
(backward traceability) is required. Criteria for lot definition
shall be established in the procurement documentation. Most
ERMIL and JAN-TX specifications satisfy this requirement.

Part serialization of critical items such as relays, crystals,
switches, valves, and micro circuits should be considered to
aid in selection where critical matching is required.

4.3.4 Part Qualification

All electronic parts shall be qualified to environmental levels
commensurate with related "MIL" specification limits for similar
part types or with equipment environmental requirements,
whichever is more severe. Qualification tests shall include
electrical, environmental, life, and mechanical testing in accordance
with military specifications for similar parts.

Qualification tests shall be performed on each lot of parts
unless otherwise authorized by TRW Systems. The subcontractor
shall indicate in his program plan those parts considered
qualified and the rationale, and shall present a plan to
qualify the remainder. Copies of the qualification test data
shall be submitted to TRW Systems.

4.3.5 Parts Standardization

The subcontractor shall review his equipment design for the
purpose of reducing the number of part types and institute
controls aimed at limiting the addition of new part types. The
TRW ERTS APL, M260618, may be used as a guide.

4.3.6 Parts Application

The subcontractor shall maintain and implement design
guidelines for the application of electronic parts. As a minimum,
the subcontractor shall provide for the following:

4.3.6.1 Parameter Variation

The subcontractor shall make allowances in his design
for parameter variations of electronic parts. These
variations shall consist of end-of-life values as
affected by time, temperature, and environmental
conditions. End-of-life values for standard parts
will be supplied by TRW Systems to the subcontractor
upon request for use as a guide.

4.3.6.2 Part Derating

The subcontractor shall implement criteria for the
derating of electronic parts appropriate with
reliability requirements. Derating to 25% of the
manufacturer's recommended maximum is desirable for
significant stresses such as dissipated power for
semiconductors and resistors, voltage for capacitors and
current for relays, contacts, inductors, and
transformers.

A part stress analysis shall be accomplished and
maintained which indicates part rated stress,
maximum operating stress and average stress for
significant parameters such as voltage, current, dissipated
power and operating temperature limits for each
electronic part used in the equipment design. These
data will be reviewed at the design reviews prior
to approval of design.

4.4 Materials and Processes

The subcontractor shall establish a program for selecting, controlling
and qualifying materials and processes which are used in his equipment
design. Each material and process shall be controlled by applicable
specifications and procedures including those processes performed at
outside facilities. All materials and processes specifications shall
be submitted to TRW Systems for review and approval.

4.4.1 Material and Process Program

The subcontractor's reliability plan shall indicate the
facilities and personnel available to support the material and process
effort and indicate how these facilities and personnel will be
employed to ensure an effective material and process program.

4.4.2 Material and Process List

The subcontractor shall list all materials and processes and
documentation controlling their procurement and application of
(1) the material or process, (2) manufacturer, (3) manufacturer's
description, (4) general description, (5) procurement
specification, and (6) qualification status. Documentation used to
implement processes shall be available for TRW Systems' review.
This list must be updated periodically to reflect related
changes in the design configuration.

4.4.3 Material Traceability

The subcontractor shall comply with traceability requirements
for all materials used within the deliverable equipment.
Traceability from a deliverable unit to the manufacturer's lot
(backward traceability) is required.

4.5 Failure Data Collection and Corrective Action

The subcontractor shall implement a failure reporting and corrective
action system in accordance with the requirements listed below. A failure
is defined as any inability of a part, subassembly, component or function
to perform in accordance with product specification requirements.

4.5.1 Failure Reporting and Corrective Action System

The subcontractor shall implement a formal and controlled system
for the reporting, analysis, corrective action, and data feedback
of all failures and malfunctions which occur during all acceptance
tests on deliverable products. This system shall emphasize
reporting, analysis and corrective action of all failures and
malfunctions, regardless of their apparent magnitude. The
subcontractor shall accomplish timely and appropriate action to
prevent recurrence of these failures and malfunctions. The
subcontractor's reliability organization shall review the
procedures and monitor the implementation of this system. The
subcontractor shall submit, as part of his reliability plan,
sample copies of his failure reporting, failure analysis and
corrective action formats.

4.5.2 Failure Notification

The subcontractor shall report failures to TRW Systems no later
than 48 hours after the failure event. The TWX shall be addressed
to the cognizant TRW Systems Contracts Administrator.

4.5.3 Failure Reporting

The subcontractor shall document all failures as defined in
4.5, providing information to adequately describe the failed
equipment, the operation in progress, the conditions of failure,
the symptoms of failure, the action taken at the time of failure
and the opinions of those who observed the failure as to the
probable causes and possible methods of corrective action. The
failure report shall be transmitted automatically to the
subcontractor's internal organizational elements affected and shall
be filed for ready reference in a central location. A copy
of the failure report shall be sent to TRW Systems no later than
7 days after the occurrence of the failure.

4.5.4 Failure Analysis

The subcontractor shall analyze all failures to determine the
cause of each failure. The failure analysis format shall
reference the failure report and include a brief description of the
actual failure, the methods of analysis and a technical
description of the cause or causes. In each case, the analysis shall
be performed by or concurred with the organization responsible
for the implementation of corrective action as delineated in
4.5.6. The subcontractor's reliability organization shall assure
timely and accurate implementation of this task.

4.5.5 Failure Analysis of Returned Equipment

The subcontractor shall analyze failed products returned by TRW
Systems in the same manner as 4.5.4. TRW Systems will provide
to the subcontractor the same type of failure information
described in 4.5.3 for use by the subcontractor in his analysis.
If the analysis reveals the failure to be caused by external
factors after delivery to TRW Systems, the subcontractor shall
make recommendations for recurrence prevention. If the analysis
reveals causes under the control of the subcontractor or his
suppliers, the subcontractor shall implement corrective action,
as delineated in 4.5.6.

4.5.6 Corrective Action

The subcontractor shall implement corrective action to prevent
recurrence of failures when the analysis of 4.5.4 or 4.5.5
reveals the cause to be within his control. The corrective
action shall reference the failure report and the failure analysis.
The failure will be considered closed when corrective action is
implemented and approved by TRW Systems. The subcontractor's
reliability organization shall assure the timely implementation
of the necessary corrective action.

The subcontractor shall review the results of corrective action
after its implementation to assure adequate correction of the
original problem and to assure that no other problems have been
introduced. Failure analysis and corrective action reports shall
be submitted to TRW Systems no later than 30 days after failure
occurrence.

4.6 Design Review(s)

The subcontractor shall schedule and conduct formal design reviews in
accordance with the statement of work. For each design review, cognizant
TRW Systems personnel shall be notified in advance and will participate
as members of the reviewing group. The design shall be reviewed for both
adequacy of conceptual approach and feasibility of simplifying design
concepts. The reviews shall cover materials, processes, electrical,
mechanical, thermal and GDHS specification requirements, flow and
logic diagrams, programming, test checkout, and compatibility
interfaces. Existing failure histories shall be presented and reviewed
for adequacy of the corrective actions to eliminate repetition of
known failures. Special design reviews may be scheduled by TRW
Systems or the subcontractor as the need arises.

4.6.1 Design Review Data Required

Data requirements for the design reviews are as shown in
the Statement of Work. The data shall form the basis for
reviewing the design and must be submitted at the customer's
facility, a minimum of ten (10) working days prior to the date
of the design review.

4.6.2 Design Review Minutes

Complete minutes of each design review meeting, giving details
of discussion, conclusions reached, action items assigned,
dates of completion, attendance, and similar pertinent
information shall be submitted to TRW Systems in a design review
report. Design review action items which are not completed
shall be reported through the periodic reliability progress
report. The subcontractor shall issue a subsequent design
review completion report when the action items generated at
each design review have been completed.

4.7 Reliability Indoctrination and Training

The subcontractor shall initiate training for personnel, as necessary,
to assure that their skills and knowledge keep pace with the advancing
technology and that the errors due to the human element are minimized
or eliminated. The reliability training program shall be subject to
TRW Systems audit.




4.8 Monthly and Final Reports

The reliability program shall include the submission of monthly progress
and final status reports. These reports may be combined with other
program documentation provided that all reliability information is
contained or summarized in a separate report, or separate section of
the monthly progress report, and supporting information is adequately
cross-referenced and readily available. The reports should provide a
complete accounting of progress on each element defined by the program
plan, results achieved, and status of actions to resolve major problems.
Failures and their respective corrective action and design review action
items which have been completed shall be summarized in these reports.
Charts may be included which compare objectives, minimum requirements,
predictions, and the level of achieved reliability for the system,
subsystem and equipments.

4.9 Reliability Audits

TRW Systems will notify the subcontractor prior to a periodic audit to
ascertain the progress of the subcontractor reliability program.

Appendix A

Electronic Part Failure Rate Table

Failure rates are at 30°C and 25% rated stress, in failures/10^[illegible] hours.

Part Type                                  Failure Rate

Capacitors
  Ceramic                                  4
  Filters, Feed-thru                       10
  Glass                                    3
  Mica                                     20
  Mylar                                    20
  Polystyrene                              30
  Tantalum, Foil                           20
  Tantalum, Solid                          9
  Variable                                 40
Connector pins, active                     0.1
Connectors, Coax                           10
Core, Magnetic                             0.01
Crystals, quartz                           20
Diodes
  4-layer Devices (SCR, etc.)              136
  Silicon, General Purpose                 3
  Silicon Power Rectifier                  44
  Tunnel                                   100
  Varactor                                 40
  Zener                                    37
Inductors (per coil)                       10
Integrated Circuits
  Analog Amp                               150
  DTL                                      25
  Hybrid                                   150
  MOS                                      100
  RTL                                      25
  TTL                                      50
Magnetic Amplifier                         14
Relays, Latching                           64
Relays, Non-latching                       106
Resistors
  Carbon Comp                              2
  Metal Film                               1
  Wire Wound (Power, Precision, etc.)      10
  Variable, Wire Wound                     50
  Thin Film Resistor Network               50
Transformer                                14
Transistors
  Field Effect                             60
  Silicon, High Power                      40
  Silicon, Low Power                       10

[Screening test matrix. The part-type column headings and the cell
alignment are not recoverable; the test rows are listed in order.]

Internal Visual Examination
High Temperature Storage
Temperature Cycling
Acceleration
Vibration
Leak Test
100% Screening
Min Burn-In Time - Hours (entries in column order: 168, 168, 96, 48, 168,
  24, 100, 100, 168, 6000, 100, 40, 100, 50, 30-Day, Cycles, Temp Cycle)
Delidding Inspection
(Receiving Inspection)
(Parameter Testing)
Traceability - lot

NOTES

(1) Pre-can or before paint on glass devices. Min. of 30X.

(2) This test is done during electrical operation for crystals which must operate during launch.

(3) Sample destruct test.

(4) 48 Hour Bake at 100°C, MIL-STD-202, Method 102A, Cond. "O".

(5) Perform rotational cycling - 20 cycles.

(6) Short-term overload with drift limits.

(7) 3 to 5 times rated voltage.

AN APPROACH TO RELIABILITY ASSESSMENT
FOR COMPUTER PROGRAMS


1. INTRODUCTION

Software is one of three basic elements of the Ground Data Handling
System. The other two are automatic data processing equipment
(hardware) and operations personnel. Software consists of the procedural and
reference information that guides, directs, or controls the system
whenever the system is operated. Typical software components are computer
programs, data bases, and personnel instructions.

2. SCOPE

Pursuit of some fundamental reliability concepts applicable to the
design, development, test, and operation of software is eased by
temporarily concentrating on only one of the components above. This
discussion centers primarily on computer programs and potential impact
of a simplified reliability discipline on the computer program development
cycle.

3. DEFINITIONS

For purposes of this discussion "reliability" is defined as the
"probability that a computer program will not fail to perform as required."
"Maintenance" is the activity of detecting, isolating, and correcting
failures either before or after their occurrence. A failure is detected
when it is determined that:

• The design does not satisfy the requirements.

• The computer program does not perform as specified
by the design.

Efforts to cope with the above failure types have resulted in a formal
design review program which is outlined in detail in other sections of
this document.

Specific emphasis on the second failure type leads to some interesting
concepts in reliability assessment of computer programs. It is in relation
to this assessment that the subtle characteristics of software become
extremely important and the subsequent emphasis on testing of the product
must be established.

4. APPROACH

Computer programs do not wear out; indeed, the more they are used,
the better they get. "Better" here can be easily extrapolated to "more
reliable" if a few conditions are met. First, the use of the computer
program must either methodically or haphazardly exercise more extensive
portions of the program. That is, there is an experience factor or
assessment ratio which is equivalent to the percentage actually encountered
by the computer program of the total number of functionally distinct
combinations of inputs and operating conditions specified. That percentage
must increase with use. Secondly, an analytical evaluation of that
increased percentage, coupled with some meaningful characteristics of
the individual computer program under consideration, can lead to a
mathematical expression of increased confidence that the program will
perform as required.

5. ASSUMPTIONS AND METHOD

A first approximation is made possible through use of available
automated software test tools, one of which is specifically designed to
assist in determination of several aspects of computer program usage at
the instruction, subprogram, and program levels. An assumption which
is fundamental to this simple approach to computer program reliability is
that the increasing percentage of the computer program used (whether
instructions exercised vs. total instructions or some alternate ratio) is
directly proportional to an increase in the value of the assessment ratio.
It is possible then to establish an approximate value for the probability
that a computer program will not fail to perform under all conditions as
required as the ratio (percentage) of the program "used" by the
combination of all tests performed. Implicit in this evaluation is the assumption
that failures incurred during use are corrected as necessary and will
never recur (i.e., a sufficient maintenance activity is part of the program
development). The reliability of a computer program, therefore,
increases as it is used and as any failures are properly diagnosed and
corrected.
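
The assessment ratio of section 5 carried through as a calculation, in an added example that is not part of the original plan. The run names, the instruction numbering, and the two rules that an uncorrected failure earns no credit and that corrected instructions must be exercised again are assumptions of the example.

```python
"""Assessment ratio from per-test instruction coverage (added example).

All run names, instruction ids and the handling of corrected instructions
are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Run:
    """One test execution as an instruction-level test tool might report it."""
    name: str
    exercised: set[int]              # ids of the instructions executed
    failed: bool = False             # program did not perform as specified
    corrected: set[int] = field(default_factory=set)  # ids changed by the fix


def assess(total_instructions: int, runs: list[Run]):
    """Return ([(run name, ratio after that run)], ids not yet credited)."""
    if total_instructions <= 0:
        raise ValueError("total_instructions must be positive")
    all_ids = set(range(total_instructions))
    credited: set[int] = set()
    history = []
    for run in runs:
        stray = (run.exercised | run.corrected) - all_ids
        if stray:
            raise ValueError(f"{run.name}: unknown instruction ids {sorted(stray)}")
        if run.failed and not run.corrected:
            # Open failure: the method assumes every failure is corrected,
            # so an uncorrected run earns no credit (assumption of this example).
            pass
        else:
            # A fix rewrites instructions; they lose credit until a later
            # run exercises the corrected code (assumption of this example).
            credited -= run.corrected
            credited |= run.exercised - run.corrected
        history.append((run.name, len(credited) / total_instructions))
    return history, all_ids - credited


TOTAL_INSTRUCTIONS = 20  # constructed program size

SAMPLE_RUNS = [  # constructed test history
    Run("unit_a", set(range(0, 8))),
    Run("unit_b", set(range(5, 12))),
    Run("integ_1", set(range(10, 16)), failed=True, corrected={3, 12}),
    Run("integ_1_rerun", set(range(10, 16))),
    Run("unit_a_rerun", set(range(0, 8))),
    Run("accept_1", set(range(14, 18)), failed=True),  # failure still open
]

if __name__ == "__main__":
    history, remaining = assess(TOTAL_INSTRUCTIONS, SAMPLE_RUNS)
    for name, ratio in history:
        print(f"{name:14s} assessment ratio = {ratio:.2f}")
    print("not yet exercised:", sorted(remaining))
```

The ratio only rises when a run reaches instructions that no credited run has reached, which is why the rerun of an already-passing test adds nothing unless a fix has touched the code it covers.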

6. CONCLUSIONS


Steps which have been identified as having most significant impact
on the resulting reliability of computer programs are:

• Modular design approach

• Use of "experienced" modules

• Independent construction to facilitate testing

• Conformance to approved standards and proven techniques

• Careful test planning and execution by an independent
test organization.

All of these items are consistent with the single objective of attaining a
minimum acceptable assessment ratio early in the design and development
phases of program preparation and a guaranteed increase in that ratio
throughout the entire software production cycle.

PERFORMANCE ASSURANCE REQUIREMENTS
PROJECT ERTS GDHS EQUIPMENT


1.0 PURPOSE

1.1 To define the detailed TRW Systems Group Performance Assurance
requirements to subcontractors of Ground Data Handling System
(GDHS) equipment for the ERTS (Earth Resources Technology Satellite).

1.2 To provide subcontractors with the guidelines necessary to
meet the basic quality, reliability and maintainability
requirements of the subcontract for eventual equipment acceptance
by the Government.

2.0 GENERAL REQUIREMENTS

2.1 The subcontractor shall provide and maintain an inspection
system meeting all the requirements of NASA Quality Publication
NPC 200-3, "Inspection System Provisions for Suppliers of Space
Material, Parts, Components and Services", dated April 1962,
except as amended herein.

2.2 In addition to the requirements of this document, PAR 700-55,
the subcontractor shall meet the supplemental quality, reliability
and maintainability requirements to this document and the
requirements of the supplemental clauses of TRW Systems Form 1991,
"Supplier Quality Attachment I to SQI 3.0.3", when these clauses
are specified on the purchase order/subcontracts.

2.3 When the subcontractor determines that certain requirements of
this document are deemed not pertinent to his subcontract,
request for clarification and/or deletion should be made to TRW
Systems Group. Mil-spec and off-the-shelf (existing catalog)
items are exempt from the NPC 200-3 requirements.



3.0 AMENDMENTS TO NPC 200-3

3.1 Preparation and Submission of Suppliers' Inspection Plan
(NPC 200-3, Section 2.2)

The subcontractor shall submit three (3) copies of a written
inspection plan to TRW Systems Group for approval within thirty
(30) days after purchase order award. The format of the
subcontractor's plan shall be in substantial accordance with each
section heading of NPC 200-3 and the additional requirements
of this document.

3.2 Drawing and Change Control (NPC 200-3, Section 2.4)

3.2.1 General

The subcontractor must maintain a system for
implementing, recording and verifying changes in product
configuration at specified change effectivity points.
When design is the subcontractor's responsibility, but
design changes require TRW approval prior to
incorporation and/or production, Class I changes shall not be
made in design or manufacture without the written
approval of TRW.

3.2.2 Design Review(s)

The subcontractor shall schedule and conduct formal
design reviews in accordance with the statement of
work. For each design review, cognizant TRW Systems
personnel shall be notified in advance and will
participate as members of the reviewing group. The design
shall be reviewed for both adequacy of conceptual
approach and feasibility of simplifying design
concepts and shall consider quality, reliability and
maintainability requirements. The reviews shall cover
materials, processes, electrical, mechanical, thermal and
GDHS specification requirements, flow and logic diagrams,
programming, test checkout, and compatibility interfaces.
Existing failure histories shall be presented and
reviewed for adequacy of the corrective actions to
eliminate repetition of known failures. Special design
reviews may be scheduled by TRW Systems or the
subcontractor as the need arises.

3.2.2.1 Design Review Data Required

Data requirements for the design reviews are
as shown in the Statement of Work. The data
shall form the basis for reviewing the design
and must be submitted at the customer's
facility, a minimum of ten (10) working days prior
to the date of the design review.

3.2.2.2 Design Review Minutes

Complete minutes of each design review meeting
giving details of discussion, conclusions reached,
action items assigned, dates of completion,
attendance, and similar pertinent information
shall be submitted to TRW Systems in a design
review report. Design review action items
which are not completed shall be reported
through the periodic progress report. The
subcontractor shall issue a subsequent design
review completion report when the action items
generated at each design review have been completed.

3.3 Government Source Inspection (NPC 200-3, Section 3.2)

When the purchase order specifies Government Source Inspection
required, all work is subject to inspection and test monitoring
by the Government representative. Notification should be in
advance of the inspection and/or test operation at a time
mutually agreed.

Delegation of Material Review Board authority to the
Government representative that normally services the subcontractor's
plant, though not normally granted (para 3.6), shall be at the
discretion of the responsible Government agency for this contract.

3.4 Control of Materials (NPC 200-3, Section 3.5)

Raw materials, materials, and products shall be inspected to
determine conformance to applicable specifications and drawings
and acceptability for use on deliverable equipment. Where
appropriate, the subcontractor may use GSFC Preferred Parts
List PPL-10 as a guide for electronic part selection and control.

3.5 Inspections and Tests (NPC 200-3, Section 3.6)

The inspections and tests performed shall include, in addition to
the NPC 200-3 requirements, the qualification and acceptance
testing of software, the integration of the hardware and
software at the site using engineered stimuli to simulate operating
conditions, and the performance of the system during observatory
orbital operations.

3.6 Nonconforming Articles (NPC 200-3, Section 3.8)

TRW Systems Group will normally not delegate material review
authority to its subcontractors, who may perform preliminary
reviews and make dispositions in accordance with the provisions
of Section 3.[illegible]. If a major subcontractor to TRW has design
cognizance, he may request authority to establish a formal
Material Review Board for purposes of making dispositions on
materials or products on which variations exist. Deviations
can only be dispositioned by NASA by means of a request for
contractual waiver. The granting of variation materials
review authority by TRW is contingent upon concurrence by
TRW's customer and the cognizant Government inspection agency.
For purpose of this document, variation and deviation are
defined as follows:

"Variation": Any nonconformance to drawing or
specification requirements which, in the opinion of TRW
Systems Group Quality Assurance, does not adversely affect
safety, interchangeability, service life, reliability
or performance.

"Deviation": Any nonconformance to drawing or
specification requirements which, in the opinion of TRW
Systems Group Quality Assurance, does adversely affect
safety, interchangeability, service life, reliability,
performance, or the basic requirements of the contract.

If a major subcontractor wishes to request variation material
review authority from TRW Systems Group, he must submit the
following to TRW Systems Group Quality Assurance via TRW
Systems Group Materiel: complete documentation of the proposed
Material Review Board organization and the policy under which
the board proposes to operate. This documentation must include:

• Organization chart(s) showing the line authority of
all proposed engineering and Quality personnel involved.

• Complete resumes of proposed personnel, showing their
backgrounds, experience, education, etc.

• Copies of proposed detailed operating procedures.

• Copies of all proposed forms, tags, etc., and a
description of their usage.

• Complete description of the cause investigation and
corrective action system the subcontractor proposes to
use to prevent the recurrence of all variations that
the proposed board will review disposition.

When a subcontractor is approved to conduct a formal material
review on variation, TRW Systems Group reserves the right to
reject the decision of the subcontractor's Material Review
Board; additionally, TRW reserves the right to reject
materials or products covered by such decisions after delivery at
a TRW Systems Group facility, or the installation site.

The subcontractor's cognizant Government Quality Assurance
representative must approve all decisions made by the other two
members of the subcontractor's Material Review Board.

The subcontractor^ Kateria] Review Board can make the following 
den. S 3 ons 


• Scrap: Any one (1) member of the board may make a
scrap decision without the concurrence of the other
two (2) members.

• Reject (Return to Vendor): Any one (1) member of the
board may make a reject decision without the
concurrence of the other members.

• Rework to Specification: If the nature of proposed
rework is minor, and does not require engineering
action, the decision to rework may be made by the
quality member of the board. Major rework requires
engineering member's concurrence.

• Rework Beyond Specification: This decision requires
concurrence by all members of the board. At the time
this decision is made, it must be decided whether the
extent beyond specification constitutes a variation or
a deviation; this decision requires the concurrence of
all members of the board, as a deviation cannot be
accepted.

• Use As Is: This decision requires concurrence of
all members of the board. NOTE: Deviations cannot
be accepted by the Material Review Board.

3.7 Control of Inspection Measuring and Test Equipment (NPC 200-3,
Section 3«°) 

The calibration of measuring and test equipment must be in
conformity with MIL-C-45662A.

3.8 Records of Inspections and Tests (NPC 200-3, Section 3.13)

An end-item inspection and test report shall be prepared and
transmitted with the subcontract end-item and shall include
the following:

• End-item configuration list

• End-item nonconformance record

• Copy of end-item systems acceptance test reports or
procedures which include variables test data and results

• List of critical and time/temperature sensitive articles

• Operating time/cycle record of system and subsystem,
where applicable

• Final assembly build-up and test procedure, including
end-item test article replacements

Records of all inspections and tests shall be made available to
TRW Systems Group for review when requested.

4.0 ADDITIONAL REQUIREMENTS

4.1 TRW Systems Group Source Surveillance

Periodic audits may be made by TRW Systems Group Quality
Assurance in coordination with Materiel during the life of the
purchase order to determine compliance with this document and the
extent to which the specified procedures are being followed by
the subcontractor. Upon completion of the audit, the
subcontractor will be notified in writing of those areas requiring
correction. The subcontractor will be given an appropriate
period of time within contractual limits to correct deficiencies.

TRW Systems Group Quality Assurance reserves the right to
interpret the extent to which this document applies on supplies and
services for each subcontract.

TRW Systems Group may assign resident or itinerant Engineering/
Quality Assurance personnel to the subcontractor's facility
during performance of the subcontract. The subcontractor must,
during regular business hours, or at such other time as may be
necessary, permit such personnel access to his facilities for
determination of compliance with this document and must furnish
without cost to TRW Systems Group such facilities and services
which may reasonably be required in support thereof.

4.2 Indoctrination and Training

The subcontractor shall institute a training program for personnel,
as necessary, to operate the deliverable system to assure that
their skills and knowledge keep pace with the advancing technology,
and to minimize or eliminate the errors due to the human element.
The training program shall be subject to TRW Systems audit.

4.3 Failure Data Collection and Corrective Action

The subcontractor shall implement a failure reporting and
corrective action system in accordance with the requirements
listed below. A failure is defined as any inability of a part,
subassembly, component or function to perform in accordance with
product specification requirements.

4.3.1 Failure Reporting and Corrective Action System

The subcontractor shall implement a formal and
controlled system for the reporting, analysis, corrective
action, and data feedback of all failures and
malfunctions which occur during system integration and
operational tests performed after equipment installation
on-site. This system shall emphasize reporting,
analysis and corrective action of all failures and
malfunctions, regardless of their apparent magnitude.

The subcontractor shall accomplish timely and
appropriate action to prevent recurrence of these failures
and malfunctions. The subcontractor's reliability
organization shall review the procedures and monitor
the implementation of this system.

4.3.2 Failure Notification

The subcontractor shall report failures to TRW Systems
no later than 43 hours after the failure event. The
TWX shall be addressed to the cognizant TRW Systems
Contracts Administrator.

4.3.3 Failure Reporting

The subcontractor shall document all failures as
defined in 4.3, providing information to adequately
describe the failed item, the operation in
progress, the conditions of failure, the symptoms of
failure, the action taken at the time of failure and
the opinions of those who observed the failure as to
the probable causes and possible methods of corrective
action. The failure report shall be transmitted
automatically to the subcontractor's internal
organizational elements affected and shall be filed for
ready reference in a central location. A copy of the
failure report shall be sent to TRW Systems no later
than 7 days after the occurrence of the failure.

4.3.4 Failure Analysis

The subcontractor shall analyze all failures to
determine the cause of each failure. The failure analysis
format shall reference the failure report and include
a brief description of the actual failure, the methods
of analysis and a technical description of the cause
or causes. In each case, the analysis shall be
performed by or concurred with the organization responsible
for the implementation of corrective action.

4.4 Maintainability Analysis

The subcontractor shall perform a maintainability analysis of
the GDHS equipment and define in detail the activities, support
documentation, personnel and equipment required to perform each
corrective and preventative maintenance task associated with
the servicing of the GDHS hardware. The significant failure
modes of each hardware end-item shall be identified together
with an estimate of the frequency (failure rate) that each
may be expected to experience in an operational environment,
the unwanted effects that can occur in the event of each
subassembly failure mode, and the method of failure recognition
and fault isolation utilizing equipment monitors and controls.

In addition, for each such failure mode, a maintenance concept
shall be described which shall include the type of personnel
and equipment which are necessary to effect a repair or
replacement in a timely manner together with an estimate of the
average length of time (Mean-Time-To-Repair, MTTR) needed to
complete the repair action and return the item to operational
status. This includes considerations for emergency corrective measures.

The latter time shall also include specific recommendations for
equipment checkout and status verification required to assure
that the repair is effective. Recommendations for each
hardware end-item shall also be made in the areas of scheduled
maintenance and sparing levels. The rationale for determining
the frequency and duration of scheduled maintenance periods
shall be provided; similar data concerning recommended spares
packages or kits shall also be provided, the objective being
the identification of a spares package which will reduce the
likelihood of running out of spares in a cost-effective manner.
These analysis tasks will utilize data gathered on previous
applications of similar equipments to the maximum possible
extent. The above analysis task shall be performed and
presented for each design review and updated as necessary
throughout the program. Submittal of the final analysis report will
be made at the conclusion of the 30 day operational
performance period for the GDHS.

4.4.1 Operating Time Logs

Operating time logs will be maintained for each unit
during periods for which failure reporting is required
to evaluate the accuracy of previously derived analytic
projections. Elapsed time meters, sign-in, sign-out
sheets, or other workable procedures shall be employed
to ensure that the starts, stops and operational
times for the hardware items are accurately kept.

The duration of time required to complete any
maintenance action shall be noted together with some
assessment as to whether the repair effected was in accordance
with the method projected in the maintainability
analysis. Unusual conditions which are felt to be
non-typical shall be identified.